Cbauhofer

**Name of the Vulnerable Software and Affected Versions** Korzh EasyQuery versions through 7.4.0 **Description** A weakness exists in Korzh EasyQuery due to SQL injection. The issue affects unknown processing of the `/api/easyquery/models/nwind/fetch` API endpoint within the Query Builder UI component. This manipulation can be initiated remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.