CVE-2024-55160
GFast OrderBy SQL Injection Vulnerability.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
GFast versions 2 through 3.2 contain a SQL injection vulnerability in the OrderBy parameter, allowing unauthenticated attackers to execute arbitrary SQL commands. This could lead to unauthorized access or modification of system operational logs, potentially impacting service integrity.