CVE-2022-24121
Unified Office Total Connect Now suffers a cookie-parameter SQL Injection (cookie parameters such as authtoken/PHPSESSID) that can disclose sensitive data. Root cause cited as CWE-565: reliance on cookies without validation/integrity checking. Public sources (CORE advisory) detail vulnerable depl...