Unc1E

Name of the Vulnerable Software and Affected Versions: ThinkSAAS versions prior to 3.38 Description: The issue allows remote attackers to execute arbitrary SQL commands through a SQL injection vulnerability. This vulnerability is exploited through the "app/topic/action/admin/topic.php" endpoint via the `title` parameter. Recommendations: For versions prior to 3.38, update to version 3.38 or later to resolve the issue. As a temporary workaround, consider restricting access to the "app/topic/action/admin/topic.php" endpoint or avoiding the use of the `title` parameter until the issue is resolved.