CVE-2021-43650
CVE-2021-43650 : In WebRun 3.6.0.42, a SQL injection exists in the login flow via the P_0 parameter (username). The PoC shows a crafted POST to /webrun/executeRule.do with P_0 and P_1 parameters; the server returns a numeric-type error, indicating a SQLi issue that can leak or modify data. Exploi...