Labvantage LIMS: Vulnerability Details Vendor: Labvantage Product: Labvantage LIMS Affected Endpoint: Vulnerable Parameter: Vulnerability Type: SQL Injection Vulnerability Overview SQL Injection is a critical security vulnerability that occurs when an application includes user-supplied data in SQL queries without proper validation or escaping. This flaw allows attackers to manipulate the SQL query and execute arbitrary SQL code, potentially gaining unauthorized access to the database, exfiltrating data, or modifying database contents. Specific Vulnerability in Labvantage LIMS In the Labvantage LIMS product, the SQL injection vulnerability was found in the parameter of the POST request to the endpoint . Reproduction of the Attack The following steps were used to identify and confirm the SQL injection vulnerability in the parameter of the POST request to the affected endpoint. The testing was conducted using Burp Suite. Step 1: Normal Request 1. Description: A normal request was made with set to a regular integer value . 2. Observation: The size of the response was recorded.