A low privileged remote attacker can insert a SQL injection in the web application due to improper handling of HTTP request input data which allows to exfiltrate all data.CreditsJohannes Lauinger of SySS GmbHFidelis Abt of SySS GmbHReferenceshttps://www.syss.de/pentest-blog/sql-injection-in-siempelkamp-nis-umweltoffice