CVE-2022-23168

The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--