CVE advisoryCRITICAL
CVE-2020-24193
Daily Tracker System SQL Injection Authentication Bypass CVE-2020-24193
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A SQL injection vulnerability in the login process of the Daily Tracker System allows an unauthenticated user to bypass authentication by sending a malicious SQL command via the email parameter. This could enable unauthorized access to system functionalities.