PT-2024-31136 · Anteeowms · Anteeowms

Andrea Ferrario +1 · Published 2024-10-07 · Updated 2024-10-13 · CVE-2024-44349

CVSS v3.1

9.8 Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AnteeoWMS versions prior to 4.7.34

Description

A SQL injection issue in the login portal allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter, potentially leading to the disclosure of some data in the underlying database.

Recommendations

For versions prior to 4.7.34, update to version 4.7.34 or later to resolve the issue. As a temporary workaround, consider restricting access to the login portal or validating and sanitizing the username parameter to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-44349

Affected Products

Anteeowms