RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database.Referenceshttps://www.twcert.org.tw/tw/cp-132-6617-109b0-1.html
