CVE-2022-23168 Information

Description

The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin’–

Reference

https://www.gov.il/en/departments/faq/cve_advisories