Shaneisrael

**Name of the Vulnerable Software and Affected Versions** FireShare FileShare version 1.2.25 **Description** FireShare FileShare version 1.2.25 contains a time-based blind SQL injection issue in the `sort` parameter of the `/api/videos/public?sort=` API endpoint. The parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.