SQL Injection vulnerability in inxedu 2.0.6 allows malicious users to execute arbitrary commands via the functionIds parameter to /saverolefunction.
inxedu inxedu 2.0.6