Unguard has four SQL injection vulnerabilities:
- One in the Java `profile-service`, which is exploitable through the user biography and allows you to access the H2 database.
- One in the Golang `status-service`, which is exploitable through the search bar on the Users page and allows you to access the MariaDB database.
- One in the PHP `like-service`, which allows you to remove another user's like on a given post.
- One in the .NET `membership-service`, which allows you to add or change another user's membership state.