Roxy-WI up to and including 5.2.2.0 allows SQL Injection via check_login. An unauthenticated attacker can extract a valid uuid to bypass authentication.
roxy-wi roxy-wi