The GET parameter "sidx" is used in a SQL statement without being sanitised when searching for subscribers in the dashboard, leading to an authenticated SQL Injection issue.
The PoC will be displayed once the issue has been remediated
Erik David Martin
2021-02-08 (about 1 years ago)
2021-02-10 (about 1 years ago)