Soplanning · Soplanning · CVE-2020-9269
**Name of the Vulnerable Software and Affected Versions**
SOPlanning version 1.45
**Description**
SOPlanning 1.45 is vulnerable to authenticated SQL injection, which can lead to command execution. The injection is reachable through the `users` parameter, as demonstrated in the `export_ical.php` file.
**Recommendations**
For SOPlanning version 1.45, consider restricting access to the `export_ical.php` file and avoid using the `users` parameter until a patch is available. As a temporary workaround, restrict the use of the `users` parameter in the affected API endpoint to minimize the risk of exploitation.
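
While access to the file is being restricted, web server access logs can be reviewed for requests that passed unexpected `users` values to `export_ical.php`. The following is an added example, not code from this advisory or from the SOPlanning project. It assumes Common/Combined Log Format and that legitimate `users` values are comma-separated identifiers; the function name, allowlist pattern, and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate `users` values are comma-separated identifiers made
# of letters, digits, '_' and '-'. Adjust this to what your deployment sends.
ALLOWED_USERS = re.compile(r"[A-Za-z0-9_-]+(,[A-Za-z0-9_-]+)*")
# Request line as logged in Common/Combined Log Format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "export_ical.php"


def suspicious_users_values(log_lines):
    """Return (line_number, decoded_value) for each request to
    export_ical.php whose `users` value fails the allowlist."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/" + TARGET_SCRIPT):
            continue
        # parse_qs percent-decodes names and values; keep_blank_values makes
        # an empty `users=` visible too. The array form `users[]` is checked.
        params = parse_qs(url.query, keep_blank_values=True)
        for key in ("users", "users[]"):
            for value in params.get(key, []):
                if not ALLOWED_USERS.fullmatch(value):
                    hits.append((number, value))
    return hits


# Constructed sample log lines (paths, users and addresses are made up).
SAMPLE_LOG = [
    '203.0.113.5 - alice [10/Mar/2020:10:00:01 +0000] '
    '"GET /soplanning/www/export_ical.php?users=ADM,user1 HTTP/1.1" 200 512',
    '203.0.113.9 - bob [10/Mar/2020:10:00:07 +0000] '
    '"GET /soplanning/www/export_ical.php?users=ADM%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9001',
    '203.0.113.5 - alice [10/Mar/2020:10:00:09 +0000] '
    '"GET /soplanning/www/index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, value in suspicious_users_values(SAMPLE_LOG):
        print(f"line {number}: unexpected users value {value!r}")
```

Access logs record only the query string, so a `users` value sent in a POST body will not appear here and needs application-level or WAF logging instead.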