CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter.Referenceshttps://github.com/Tomikun2/SQL-Injection-in-CordysCRM/blob/main/README.md
