Product
YAFNET's flawed authorization allows low-privileged users to execute arbitrary SQL commands via the `/Admin/RunSql` endpoint, potentially leading to data exfiltration, application modification, and denial-of-service.