SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote malicious users to execute arbitrary SQL commands via a base64-encoded supervisor cookie.
mlffat mlffat 2.1