Vendor
Oinone Pamirs up to version 7.2.0 is vulnerable to SQL injection in the RSQLToSQLNodeConnector.makeVariable function of the queryListByWrapper Interface, allowing remote attackers to execute arbitrary SQL commands.