CVE-2023-34635

Name of the Vulnerable Software and Affected Versions Wifi Soft Unibox Administration versions 3.0 through 3.1

Description The issue arises from the lack of validation or sanitization of user input in the username field of the login page, leading to SQL Injection. This allows attackers to inject malicious SQL code, potentially accessing or modifying sensitive data.

Recommendations For versions 3.0 and 3.1, consider disabling the login functionality until a patch is available, or restrict access to the login page to minimize the risk of exploitation. Avoid using the username field in the login page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.