The #usdHeroLab analysts examined the #opensource software #TineGroupware while conducting their #pentest.
1⃣ Vulnerability Type: #SQL Injection (CWE-89)
🚨 Security Risk: Critical
👇🧵 More details
#TineGroupware is an #opensource software that provides a suite of collaborative tools and applications for communication and project management within a business or organization.
🧐 During research on open source software, our #PentestProfessionals discovered that the sort parameter of the /index.php endpoint is vulnerable to SQL injection.
The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩💻🧑💻 👇
https://herolab.usd.de/security-advisories/usd-2023-0002/