CVE-2024-8308 Information

Description

A low privileged remote attacker can insert a SQL injection in the web application due to improper handling of HTTP request input data which allows to exfiltrate all data.

Reference

https://www.syss.de/pentest-blog/sql-injection-in-siempelkamp-nis-umweltoffice