CVE-2023-38870

CVE-2023-38870

A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the ‘category_id’ parameter is vulnerable to SQL Injection.

Source: CVE-2023-38870