Yuri

Name of the Vulnerable Software and Affected Versions: Simple Document Management System (SDMS) versions 1.1.4 through 1.1.5 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `pass` parameter in the login.php file. Recommendations: For SDMS versions 1.1.4 and 1.1.5, consider restricting access to the login.php file until a fix is available. As a temporary workaround, avoid using the `pass` parameter in the login.php file to minimize the risk of exploitation.