Blind SQL Injection in Search Functionality

Severity: Critical | Status: Resolved

Summary

The search functionality was vulnerable to time-based blind SQL injection through improper input handling.

/search?q=test' AND SLEEP(5)-- -

Complete database compromise including user credentials.

This vulnerability was reported responsibly and fixed by the vendor before public disclosure.