SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the sort parameter in API endpoints, which is processed by the getOrderBy function. An attacker can execute arbitrary SQL queries and extract sensitive database information by supplying crafted input to the API while...