Key Information Summary

Vulnerability Description
Vulnerability Type: SQL Injection
Affected Interface: /project/addprojtemplet
Affected Versions: 1.0.2 - 2.0.5

Vulnerability Location
In the function, input parameters are not properly validated or escaped, leading to SQL injection.

Exploitation Method
Time-based Blind SQL Injection: Utilizes the function to create delays, and determines SQL query results by analyzing differences in response times of network requests.
Example POC:
SQLite Version Detection: Successfully detected the online SQLite database version as 3.31.1.

Network Packet Example
Request:

Additional Information
Status: Closed
Report Date: March 11, 2023
Verification of Fix Date: March 17, 2023
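
The unvalidated, unescaped input pattern described above, shown beside a parameterized form as an added example; it is not code from the affected project or from the original report. The table, function names, allow-list policy and sample input are assumptions constructed for illustration, using Python's sqlite3 module.

```python
import re
import sqlite3

# Hypothetical schema and handler names: the affected project's code is not on the page.
NAME_RE = re.compile(r"[\w \-]{1,64}")  # assumed allow-list policy for template names

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE proj_template (id INTEGER PRIMARY KEY, name TEXT)")
    return db

def last_name(db):
    # Return the most recently stored template name.
    return db.execute(
        "SELECT name FROM proj_template ORDER BY id DESC LIMIT 1").fetchone()[0]

def add_template_unsafe(db, name):
    # Vulnerable pattern: request input is concatenated into the SQL text,
    # so SQLite parses it as part of the statement.
    db.execute("INSERT INTO proj_template (name) VALUES ('" + name + "')")
    return last_name(db)

def add_template_safe(db, name):
    # Hardened pattern: the value is bound as a parameter and never parsed as SQL.
    db.execute("INSERT INTO proj_template (name) VALUES (?)", (name,))
    return last_name(db)

def add_template_validated(db, name):
    # Defense in depth: reject names outside the allow-list before binding.
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid template name")
    return add_template_safe(db, name)

# Constructed input: a quote followed by a harmless SQL expression.
CRAFTED = "x' || sqlite_version() || '"

if __name__ == "__main__":
    db = make_db()
    print("unsafe stored:", add_template_unsafe(db, CRAFTED))  # expression was evaluated
    print("safe stored:  ", add_template_safe(db, CRAFTED))    # stored verbatim as data
    try:
        add_template_validated(db, CRAFTED)
    except ValueError as exc:
        print("validated:    ", exc)
```
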