Tiobon · Tiobon Employee Self-Service System · CVE-2026-11453
**Name of the Vulnerable Software and Affected Versions**
Tiobon Employee Self-Service System versions prior to 7.3
**Description**
A SQL injection vulnerability exists in the Login Endpoint component, at the `/Blog/BlogSearch.aspx` endpoint. Remote attackers can exploit it by manipulating the `Keyword` argument. SQL injection is a technique in which malicious SQL statements are inserted into input fields and executed by the database, potentially allowing unauthorized access to the database.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Avoid using the `Keyword` argument in the `/Blog/BlogSearch.aspx` endpoint to minimize the risk of exploitation.
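With no fixed version identified, reviewing web server logs for requests that reach this endpoint is a practical interim check. The following is an added example, not code from the vendor or from this advisory: it assumes IIS W3C-format logs that include the `cs-uri-stem`, `cs-uri-query` and `c-ip` fields, and the `SUSPICIOUS` pattern is an assumed heuristic. A `Keyword` value sent in a POST body does not appear in `cs-uri-query` and is not covered.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

TARGET_PATH = "/blog/blogsearch.aspx"  # endpoint named in the advisory (compared lowercased)
TARGET_PARAM = "keyword"               # argument named in the advisory (compared lowercased)
# Assumed heuristic: SQL metacharacters and keywords a blog search term rarely needs.
SUSPICIOUS = re.compile(r"['\";]|--|/\*|\b(?:union|select|waitfor|exec)\b", re.I)

# Constructed sample log (documentation IP ranges), not taken from a real system.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2026-01-10 09:15:02 GET /Blog/BlogSearch.aspx Keyword=holiday+schedule 203.0.113.10 200
2026-01-10 09:15:40 GET /Blog/BlogSearch.aspx Keyword=o%27brien 203.0.113.11 200
2026-01-10 09:16:05 GET /blog/blogsearch.aspx keyword=x%27%3B-- 198.51.100.7 500
2026-01-10 09:16:09 GET /Home/Index.aspx Keyword=%27 198.51.100.7 200
""".splitlines()

def flag_requests(lines):
    """Return (date, time, client_ip, decoded_keyword) for each hit to triage."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if row.get("cs-uri-stem", "").lower() != TARGET_PATH:
            continue
        for name, value in parse_qsl(row.get("cs-uri-query", ""), keep_blank_values=True):
            # Second decode also catches double-encoded values such as %2527.
            if name.lower() == TARGET_PARAM and SUSPICIOUS.search(value + unquote_plus(value)):
                hits.append((row.get("date"), row.get("time"), row.get("c-ip"), value))
    return hits

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

The second sample line is a legitimate surname that still matches, so treat the output as a triage list rather than confirmed exploitation.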