CVE-2020-13127

Name of the Vulnerable Software and Affected Versions Loway QueueMetrics versions prior to 19.04.1

Description A SQL injection issue exists at the tpf URI, allowing remote authenticated attackers to execute arbitrary SQL commands via the TASKS LIST pt.querystring parameter.

Recommendations For versions prior to 19.04.1, update to version 19.04.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the tpf URI to minimize the risk of exploitation. Avoid using the TASKS LIST pt.querystring parameter in the affected URI until the issue is resolved.