Liberapay: Unsafe deserialization in Libera Pay allows to escalate a SQL injection to Remote Command Execution
Hello. There isn't a direct vulnerability, however a SQL injection would easily be escalated to a Remote Code Execution. I can't directly exploit it due to the restriction on team names it does not accept hexdecimal values. I, however, submit this issue in advance and will attempt to escalate thi...