CVE-2022-36606
CVE-2022-36606 affects Ywoa prior to v6.1 and is a SQL injection in the API endpoint /oa/setup/checkPool?database. The root cause is unparameterized input handling in the checkPool endpoint, enabling an attacker to perform unauthenticated remote SQL injection (high impact: C/H, I/H, A/H per NVD)....