
Tonyshavez

#27972 of 53,635
9.1 CVSS total
Vulnerabilities · 1
PT-2026-3181
9.1
2026-01-15
Unknown · Grocery Crud · CVE-2021-47811
**Name of the Vulnerable Software and Affected Versions**

Grocery Crud version 1.6.4

**Description**

The software contains a SQL injection issue in the `order_by` parameter. Remote attackers can manipulate database queries by injecting malicious SQL code through the `order_by[]` parameter in POST requests to the `/ajax_list` API endpoint, potentially allowing them to extract or modify database information.

**Recommendations**

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict or sanitize the `order_by` parameter in the `/ajax_list` API endpoint.