SQL Injection Vulnerability in ROCBOSS V2.2.1 via PostController.php
CVE-2019-11362 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.