CVE-2021-3286

Name of the Vulnerable Software and Affected Versions Spotweb version 1.4.9

Description The issue is related to SQL injection due to an inadequate protection mechanism. Specifically, the notAllowedCommands mechanism is incomplete, allowing variations of malicious payloads to be used. This problem exists because of an incomplete fix for a previous issue.

Recommendations For Spotweb version 1.4.9, consider disabling the functionality that allows user input to be executed as SQL commands until a proper fix is available. Restrict access to sensitive database operations to minimize the risk of exploitation.