siteserver latest version 3. 6. 4 sql inject-vulnerability warning-the black bar safety net

http://xxx.com/siteserver/service/backgroundtaskLog.aspx?Keyword=test%' and @@version=1 and 2='1&DateFrom=&DateTo=&IsSuccess=All The injection point is present in the Keyword, completely without any filtering. VariousSQL injectiontype, you can execute os cmd, off pants 2. The second injection...