CVE-2021-28022

Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt