Summary - A critical SQL injection vulnerability was detected in . - The vulnerability affects an unknown function in the file . - Manipulating the argument can lead to a SQL injection attack. - The vulnerability is tracked as . - The attack can be carried out remotely, and an exploit is present. Details - The vulnerability is classified as critical and affects an unknown functionality in . - The CWE definition is (SQL injection). - The software constructs SQL commands using externally-influenced input without proper neutralization. - The vulnerability impacts confidentiality, integrity, and availability. - An advisory is available on GitHub. - The exploit is easy to launch remotely, without authentication. - The attack technique is in MITRE ATT&CK. - The exploit can be downloaded from GitHub. - Vulnerable targets can be found using Google Hacking with the query . - No countermeasures are known, but replacing the affected object with an alternative product is suggested.