Authentication is needed to exploit this vulnerability. the precise flaw exists within the getFilterString approach. The difficulty results within the insufficient proper validation of the user-provided string before utilizing it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-