Kernelcop

**Name of the Vulnerable Software and Affected Versions** imcat version 4.9 **Description** An issue was discovered that allows SQL Injection via the "order" parameter in the "index.php" endpoint, specifically when the "mod" parameter is set to "faqs". **Recommendations** For imcat version 4.9, consider restricting access to the vulnerable `index.php` endpoint with `mod=faqs` action until a patch is available. Avoid using the `order` parameter in this endpoint to minimize the risk of exploitation.