Key Information Summary

Vulnerability Overview

- Vulnerability Type: SQL Injection Vulnerability
- Affected Version: Latest version, specifically commit (2025-06-29): cafaccf
- Description: In the latest version, two parameters passed to are not using prepared statements, leading to an SQL injection vulnerability. Attackers can exploit this vulnerability to take control of the server.

Vulnerability Details

- Tested Version: commit (2025-06-29): cafaccf
- Vulnerable Endpoints and Parameters:
  -
  -
- Taint Analysis:
  - Related Code File:
  - Methods: and
  - XML Mapping File:

POC

- sqlmap Command Examples:
- Request Examples:
  - : Contains HTTP request for
  - : Contains HTTP request for

Impact

- Link: Impact of a Successful SQL Injection Attack