CVE-2019-20179
SOPlanning 1.45 is vulnerable to a SQL injection via the user_list.php parameter "by". The root cause is a lack of validation of externally entered SQL in a database-driven application. Documented impact is consistent with a high-severity risk (CVSS3.1: 8.8; CVSS2.0: 6.5) affecting confidentialit...