CVE-2024-44541

Name of the Vulnerable Software and Affected Versions Inventio Lite versions v4 and before

Description The issue concerns a SQL Injection vulnerability. It can be exploited via the username parameter in the "/?action=processlogin" API endpoint. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations For Inventio Lite versions v4 and before, as a temporary workaround, consider restricting access to the "/?action=processlogin" API endpoint until a patch is available. Avoid using the username parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.