Hndky

Name of the Vulnerable Software and Affected Versions: KASO version 9.0 Description: A SQL injection issue was discovered via the `person id` parameter at the "/cardcase/editcard.jsp" API endpoint. This allows for potential exploitation of the database. Recommendations: For KASO version 9.0, consider restricting access to the "/cardcase/editcard.jsp" endpoint until a fix is available, and avoid using the `person id` parameter in this endpoint to minimize the risk of exploitation.