CVE-2019-25481

Name of the Vulnerable Software and Affected Versions iScripts ReserveLogic (affected versions not specified)

Description The software contains an SQL injection issue that allows unauthenticated attackers to manipulate database queries. This is achieved by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitive database information. The affected API endpoint is the search endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.