Home
Description
Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.
References
gist.github.com/pyuysig/92e631298ec28d3e6967ad1f2038e75d
gist.github.com/pyuysig/92e631298ec28d3e6967ad1f2038e75d