CVE-2021-26578
HPE Network Orchestrator (NetO) prior to version 2.5 is affected by a SQL injection vulnerability in the connections resource, triggered via user input that is not properly filtered. ZDI details a remote, unauthenticated attacker leveraging a crafted uaf-token header to execute SQL and disclose s...