CVE-2022-29603
CVE-2022-29603 affects UniverSIS UniverSIS-API up to version 1.2.1. The SQL Injection is triggered via the $select parameter across multiple API endpoints (e.g., /api/students/me/messages/). A remote authenticated attacker could craft SQL statements to retrieve personal information or change grad...