CVE-2022-25506

Name of the Vulnerable Software and Affected Versions FreeTAKServer-UI version 1.9.8

Description The issue is a SQL injection vulnerability that can be exploited via the API endpoint /AuthenticateUser. This allows an attacker to inject malicious SQL code, potentially leading to unauthorized access or data manipulation.

Recommendations For FreeTAKServer-UI version 1.9.8, consider disabling access to the /AuthenticateUser API endpoint until a patch is available. Restricting input validation for the username and password variables in this endpoint can also help minimize the risk of exploitation.