An unauthenticated remote attacker can send a specially crafted message to the ThinManager database, which could result in the alteration of its contents. For example, the attacker can enable HTTP API and add an API key to the ApiKeys table in the database so that he or she can access protected API URL endpoints.
