A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. Using CWE to declare the problem leads to CWE-89. The weakness was released 12/17/2022 as 29e1ead3bb1c1fad53b77dfc14534496421c5b5d. The advisory is shared for download at github.com. This vulnerability is handled as CVE-2021-4246. The attack may be launched remotely. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. The MITRE ATT&CK project declares the attack technique as T1505. It is declared as not defined. As 0-day the estimated underground price was around $0-$5k. The name of the patch is 29e1ead3bb1c1fad53b77dfc14534496421c5b5d. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation has been published before and not just after the disclosure of the vulnerability.