CVE-2020-25147

Name of the Vulnerable Software and Affected Versions Observium Professional, Enterprise & Community version 20.8.10631

Description The issue allows for SQL Injection due to the possibility of injecting malicious SQL statements in malformed parameter types. This can occur via the username[0] parameter to the default URI, because of includes/authenticate.inc.php.

Recommendations For Observium Professional, Enterprise & Community version 20.8.10631, avoid using the username[0] parameter in the affected default URI until the issue is resolved. Consider temporarily restricting access to the includes/authenticate.inc.php file as a quick mitigation measure.