U.S. Dept Of Defense: SQL Injection

The application was found to have a blind SQL injection vulnerability in the 'filterevent' parameter. The vulnerability allowed an attacker to manipulate database queries and extract sensitive information from the database through time-based or boolean-based techniques, as the injection was blind...