Key Information

Vulnerability Description

- Vulnerability Type: SQL Injection
- Affected Version: OpenCats 0.9.6
- Affected Module: 'Job Orders'
- Root Cause: The variable is user-controllable, leading to SQL injection within an UPDATE statement.

Solution

Upgrade to: OpenCats 0.9.7 or later.

PoC (Proof of Concept)

Vulnerable Code:

Attack Example:

- An attacker can exploit the vulnerability by crafting a payload such as:
- This will cause the user's password hash to be written into the field, resulting in sensitive data leakage.

Reference Links

- CVE-2022-43021
- OpenCats News
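
The root cause named above (user-controlled input concatenated into an UPDATE statement) beside the parameterized form that closes it, as an added example that is not OpenCats code and not part of the original page. The table and column names, the sample hash and the input string are constructed, and an in-memory SQLite database stands in for the application's database.

```python
import sqlite3

def make_db():
    """Constructed toy schema for illustration; not the OpenCats schema."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user (user_id INTEGER PRIMARY KEY, password TEXT);
        CREATE TABLE joborder (joborder_id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO user VALUES (1, 'constructed-hash-value');
        INSERT INTO joborder VALUES (1, 'Engineer');
    """)
    return db

def update_title_vulnerable(db, joborder_id, title):
    # Input is concatenated into the SQL text, so quotes in it end the
    # string literal and the rest is parsed as SQL.
    db.execute("UPDATE joborder SET title = '" + title +
               "' WHERE joborder_id = " + str(joborder_id))

def update_title_parameterized(db, joborder_id, title):
    # Placeholders keep the input as a bound value; it is never parsed as SQL.
    db.execute("UPDATE joborder SET title = ? WHERE joborder_id = ?",
               (title, int(joborder_id)))

def stored_title(db, joborder_id):
    row = db.execute("SELECT title FROM joborder WHERE joborder_id = ?",
                     (joborder_id,)).fetchone()
    return row[0]

# Constructed input of the kind the advisory describes (hypothetical column names).
CRAFTED = "' || (SELECT password FROM user WHERE user_id = 1) || '"

def run_both():
    """Return the stored title after each update path, on fresh databases."""
    results = {}
    for name, update in (("vulnerable", update_title_vulnerable),
                         ("parameterized", update_title_parameterized)):
        db = make_db()
        update(db, 1, CRAFTED)
        results[name] = stored_title(db, 1)
    return results

if __name__ == "__main__":
    for name, value in run_both().items():
        print(f"{name}: {value!r}")
```

With the concatenated statement the stored field ends up holding the sample hash; with bound parameters it holds the input string verbatim.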