Xara Designer Pro Plus 21'and(select'1'from/**/cast(md5(1471400058)as/**/int))>'0 Apr 2026
This string is a classic example of an SQL injection attempt, specifically a "boolean-based" or "error-based" probe used by automated scanners and attackers. While Xara Designer Pro Plus is a desktop graphics application, these payloads are often seen in the wild targeting web servers that might be running backend services related to the software (such as license activation servers or cloud-sharing components).

Payload Breakdown

md5(1471400058): This is the "signature" of the attack.

cast(... as int): This expression attempts to force this long string into a number. In many databases (like PostgreSQL or SQL Server), this will trigger a verbose error message that displays the hash. If an attacker sees that hash in your server's error logs or response, they know the site is vulnerable to SQL injection.

Ensure any web forms you host (e.g., "Contact Us" or "Product Search") use parameterized queries to prevent these strings from being executed by the database.

Ensure you are using the latest version of Designer Pro+ and that any associated web services (like IIS or Apache) are fully patched.

Are you seeing this in a server log or as an error message within the Xara application itself?
If this appeared in your server logs, it means your firewall or web application server blocked a probe.
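One way to triage logs for this probe, as an added example that is not part of the original page: it normalises URL encoding and `/**/` comments, extracts the number passed to `md5()`, and checks whether the resulting hash appears in any response or error line. The log lines and function names are constructed for illustration, and the code assumes the database hashes the decimal string form of the number.

```python
import hashlib
import re
from urllib.parse import unquote_plus

# Matches cast(md5(<digits>) as int) once encoding and comments are normalised.
PROBE_RE = re.compile(r"cast\s*\(\s*md5\s*\(\s*(\d+)\s*\)\s*as\s+int\s*\)", re.I)
COMMENT_RE = re.compile(r"/\*.*?\*/")  # inline SQL comments used in place of spaces


def normalise(line: str) -> str:
    """URL-decode (twice, to catch double encoding) and turn /**/ into spaces."""
    decoded = unquote_plus(unquote_plus(line))
    return COMMENT_RE.sub(" ", decoded)


def triage(request_lines, response_lines):
    """Return one finding per probe: seed, expected hash, and whether it leaked."""
    findings = []
    for line in request_lines:
        match = PROBE_RE.search(normalise(line))
        if not match:
            continue
        seed = match.group(1)
        # Assumption: the database hashes the decimal string form of the number.
        digest = hashlib.md5(seed.encode()).hexdigest()
        leaked = any(digest in resp.lower() for resp in response_lines)
        findings.append({"seed": seed, "md5": digest, "hash_in_response": leaked})
    return findings


# Constructed sample log lines (not taken from a real server).
SAMPLE_REQUESTS = [
    "GET /search?q=Xara+Designer+Pro+Plus+21 HTTP/1.1",
    "GET /search?q=Xara%20Designer%20Pro%20Plus%2021%27and(select%271%27"
    "from/**/cast(md5(1471400058)as/**/int))%3E%270 HTTP/1.1",
]
# Constructed error line in the style of a PostgreSQL integer-cast failure.
SAMPLE_ERRORS = [
    f'ERROR: invalid input syntax for type integer: "{hashlib.md5(b"1471400058").hexdigest()}"'
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_REQUESTS, SAMPLE_ERRORS):
        print(finding)
```

A finding with `hash_in_response` set to true means the hash was echoed back, which is the condition the page describes as confirming the injection; a finding with it false only shows that the probe was received.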