2 matches found
EUVD-2019-20073
qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the searchbyextrafields parameter. Attackers can send POST requests to the users endpoint with malicious searchbyextrafields values to trigger SQL syntax errors and...
CVE-2019-25669 qdPM 9.1 SQL Injection via search_by_extrafields Parameter
qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the searchbyextrafields parameter. Attackers can send POST requests to the users endpoint with malicious searchbyextrafields values to trigger SQL syntax errors and...