OpenCATS versions from 0.9.1a contain an authenticated SQL injection vulnerability in DataGrid filter handling. The flaw exists in the Candidates DataGrid, where the non-filterable Tags column can be targeted through crafted filter requests, allowing attackers to bypass the restriction on which columns are filterable and execute arbitrary SQL queries against the database. The vulnerability requires authentication but can l [truncated]
OpenCATS through version 0.9.7.4 contains a SQL injection vulnerability in the DataGrid component's sortDirection parameter. The flaw exists in ajax/getDataGridPager.php, where authenticated attackers can inject malicious SQL to conduct time-based blind injection attacks and extract database contents. The vulnerability requires authentication but can be exploited remotely with low attack complexity.
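
Both entries describe request-controlled DataGrid parameters (a filter on a column marked non-filterable, and the sortDirection value) reaching the SQL text. The following is an added example of the server-side mitigation pattern, not OpenCATS code or its actual fix: the column registry, SQL identifiers and function names are hypothetical. Column identifiers and the sort direction are taken only from an allowlist, and filter values are bound as parameters.

```php
<?php
declare(strict_types=1);

// Hypothetical registry: request key => SQL identifier and filterable flag.
// Names are constructed for illustration, not taken from the OpenCATS schema.
const GRID_COLUMNS = [
    'lastName' => ['sql' => 'candidate.last_name', 'filterable' => true],
    'city'     => ['sql' => 'candidate.city',      'filterable' => true],
    'tags'     => ['sql' => 'tag_list',            'filterable' => false],
];

// Only two literals can ever reach the query; anything else becomes ASC.
function safeSortDirection(string $requested): string
{
    return strtoupper(trim($requested)) === 'DESC' ? 'DESC' : 'ASC';
}

// Build WHERE / ORDER BY from untrusted grid parameters. Identifiers come
// only from GRID_COLUMNS; filter values are bound as parameters.
function buildGridClauses(array $filters, string $sortBy, string $sortDirection): array
{
    $where = [];
    $params = [];
    foreach ($filters as $column => $value) {
        $known = is_string($column) && array_key_exists($column, GRID_COLUMNS);
        // The filterable flag is enforced here, on the server, for every request.
        if (!$known || !GRID_COLUMNS[$column]['filterable'] || !is_string($value)) {
            throw new InvalidArgumentException('filter rejected');
        }
        $where[] = GRID_COLUMNS[$column]['sql'] . ' LIKE ?';
        $params[] = '%' . $value . '%';
    }
    if (!array_key_exists($sortBy, GRID_COLUMNS)) {
        throw new InvalidArgumentException('sort column rejected');
    }
    $sql = ($where ? ' WHERE ' . implode(' AND ', $where) : '')
        . ' ORDER BY ' . GRID_COLUMNS[$sortBy]['sql'] . ' ' . safeSortDirection($sortDirection);
    return [$sql, $params];
}

// Constructed sample requests.
[$sql, $params] = buildGridClauses(['city' => 'Oslo'], 'lastName', 'sideways');
echo $sql, ' ', json_encode($params), PHP_EOL;
try {
    buildGridClauses(['tags' => 'x'], 'lastName', 'desc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```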