Security Advisory
CVE-2020-37163
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the _located parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name, and system version.