The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--CreditsMoriel Harush, Dudu Moyal, Gad Abuhatziera - Sophtix Security LTDReferenceshttps://www.gov.il/en/departments/faq/cve_advisories
