Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case
input field in /web/generate.php
, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.