SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 68.7%