CVE-2020-13118

Name of the Vulnerable Software and Affected Versions Mikrotik Router Monitoring System versions through 2018-10-22

Description An issue exists in the check community.php file of the Mikrotik Router Monitoring System, related to a lack of protection of the SQL query structure. This allows for SQL Injection via the community parameter. Exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For versions through 2018-10-22, as a temporary workaround, consider disabling the check community.php file or restricting access to it until a patch is available. Avoid using the community parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.