sysPass ajax_search.php SQL Injection Vulnerability

sysPass is a password manager that allows to save passwords using bidirectional encryption with a master password to a database. A SQL Injection vulnerability in ajax_search.php allows remote, authenticated users to execute arbitrary SQL queries.

Affected Versions:
sysPass 1.0.9 and earlier

An authenticated remote user could exploit this vulnerability to run arbitrary SQL queries on the system and retrieve sensitive information.

Customers are advised to upgrade to the latest version of the software available from sysPass

Patch:
Following are links for downloading patches to fix the vulnerabilities:

sysPass