Navarino Infinity web interface up to version 2.2 is affected by multiple vulnerabilities.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2018-5384
A remote, unauthenticated attacker may be able to bypass authentication and perform some administrative functions or perform SQL injection.
According to the vendor's website, the hotfix has been made available to all Infinity users.
Thanks to Vangelis Stykas for reporting this vulnerability.
This document was written by Noelle Allon.