CVE-2019-16999
CloudBoot vulnerable to SQL Injection through a crafted Status field in JSON data sent to api/osinstall/v1/device/getNumByStatus (CVE-2019-16999). Multiple sources (NVD, Red Hat, CNVD, CNVD/CVELIST entries) describe the issue as a lack of validation of externally entered SQL statements in CloudBo...