From the provided screenshot, the key details about the vulnerability can be summarized as follows:

Severity: High

Vulnerability: SQL Injection via user-login.html

Affected Software Versions:
- ZenTao Biz versions below 6.5
- ZenTao Max versions below 3.0
- ZenTao Open Source Edition versions below 16.5 and 16.5beta1

CVE Identifier: CVE-2022-4984

CWE Identifier: CWE-89 (related to SQL Injection)

CVSS Score: 8.7

CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References: Links to official releases for the affected ZenTao versions, Shadowserver Exploitation Evidence, and CNVD record

Description: An SQL injection vulnerability exists in the login functionality due to improper validation of the account parameter. This allows a remote unauthenticated attacker to execute crafted SQL expressions and retrieve sensitive information from the database, including user and application data. The exploitation evidence was observed by the Shadowserver Foundation on 2025-02-07 UTC.