Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.Referenceshttp://www.abbyydownloads.com/fc12/ReleaseNotes_FC12_R2_U6_1299.29_build_12.0.2.1420.pdf
