SQL Injection Vulnerability in ROCBOSS V2.2.1 via PostController.php

CVE-2019-11362 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score parameter, as demonstrated by the /do/reward/3 URI.