PT-2024-31170 · Topdesk · Topdesk
Shipanoo · Published 2024-09-13 · Updated 2025-10-10 · CVE-2024-44542
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
todesk version 1.1
Description
A parameter of the "/todesk.com/news.html" endpoint is incorporated into a database query without proper sanitization or parameterization, so a remote attacker can inject SQL. According to the CVSS vector, exploitation requires no authentication and no user interaction and results in full loss of confidentiality, integrity and availability; the advisory rates the impact as arbitrary code execution. The vulnerable parameter is not named. No information is available about the number of potentially affected installations or about real-world exploitation.
Recommendations
For todesk version 1.1, upgrade to a version that fixes the SQL injection as soon as one is available. Until then, restrict network access to the "/todesk.com/news.html" endpoint (for example, deny it at a reverse proxy or firewall, or allow only trusted source addresses) so that unauthenticated clients cannot reach the vulnerable parameter. If the endpoint must remain reachable, put input validation or a web application firewall rule in front of it, and treat SQL syntax in requests to it as an attack indicator.
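The weakness class behind this advisory, shown as an added, generic example that is not the vendor's code and makes no claim about how todesk is implemented. The `news` and `users` tables, the column names, the parameter name `id`, and the helper names are all assumptions chosen for the demonstration; the data is constructed in an in-memory SQLite database. The vulnerable handler splices the request parameter into the SQL text, which is what lets an attacker turn a single-row lookup into a dump of another table; the hardened handler validates the type and binds the value as a query parameter.

```python
"""Vulnerable vs. hardened lookup for a hypothetical news endpoint.

Added illustration of SQL injection; NOT the vendor's code. Schema,
column names and the `id` parameter are assumptions for this demo.
"""
import sqlite3

# Constructed sample data: the table the endpoint is meant to read,
# plus a sensitive table the attacker should never be able to reach.
_SCHEMA = """
CREATE TABLE news  (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO news  VALUES (1, 'Release 1.1', 'Public note');
INSERT INTO news  VALUES (2, 'Maintenance', 'Public note');
INSERT INTO users VALUES (1, 'admin', '$2b$12$examplehash');
"""


def make_db() -> sqlite3.Connection:
    """Build the in-memory database used by both handlers."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(_SCHEMA)
    return conn


def fetch_news_vulnerable(conn: sqlite3.Connection, news_id: str) -> list:
    """What a vulnerable handler typically does: the request parameter
    becomes part of the SQL text, so the database parses attacker input
    as SQL. `news_id` is the raw string taken from the request."""
    sql = f"SELECT id, title, body FROM news WHERE id = {news_id}"
    return conn.execute(sql).fetchall()


def fetch_news_safe(conn: sqlite3.Connection, news_id: str) -> list:
    """Hardened form: enforce the expected type, then bind the value as a
    parameter. The SQL text is constant; the value can never change the
    query's structure."""
    try:
        num = int(news_id)
    except ValueError:
        raise ValueError("id must be an integer") from None
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    return conn.execute(sql, (num,)).fetchall()


# Constructed payloads of the kind sent to a vulnerable parameter.
PAYLOAD_ALL_ROWS = "1 OR 1=1"
PAYLOAD_UNION = "0 UNION SELECT id, username, password_hash FROM users"


if __name__ == "__main__":
    db = make_db()
    print("legit   :", fetch_news_vulnerable(db, "1"))
    print("tautology:", fetch_news_vulnerable(db, PAYLOAD_ALL_ROWS))
    print("union   :", fetch_news_vulnerable(db, PAYLOAD_UNION))
    print("safe    :", fetch_news_safe(db, "1"))
    try:
        fetch_news_safe(db, PAYLOAD_UNION)
    except ValueError as exc:
        print("safe rejects payload:", exc)
```

The tautology payload returns every row of `news`, and the UNION payload returns the `users` row through the same endpoint; the hardened handler rejects both before any query is issued. Parameter binding is the fix; type validation on top of it is what makes the rejected request easy to log and alert on.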
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Topdesk