Vendor
SAT CFDI 3.3 is vulnerable to SQL injection via the 'id' parameter in the signIn endpoint, allowing attackers to manipulate database queries, potentially leading to sensitive data extraction or application compromise.