By intellitech on Monday, 27 September 2021
We did a website (scl.org.sg) scan & the result showed 1 high-risk vulnerability in the SQL Injection scan.

Scan report attached. Please do the needful ASAP.
Hello,

This is more of a false positive. They are changing the filter value from ASC / DESC to a word that doesn't exist in the ORDER BY clause, hence the failover. If they tried to execute SQL, any SQL injection would be filtered within it.

However, I'll make a change to ensure this filter only accepts ASC/DESC in future versions.

Many thanks
Tony
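The change the reply describes, restricting the sort-direction filter to ASC/DESC, sketched as an added example; it is not the extension's own code, whose language and schema the thread does not show. The `posts` table, the column names and the function names are assumptions, and SQLite stands in for the site's database.

```python
import sqlite3

ALLOWED_DIRECTIONS = {"ASC", "DESC"}      # the only values the filter accepts
ALLOWED_COLUMNS = {"title", "created"}    # hypothetical sortable columns


def safe_direction(raw, default="ASC"):
    """Map the request's sort direction onto ASC/DESC, else use the default."""
    value = (raw or "").strip().upper()
    return value if value in ALLOWED_DIRECTIONS else default


def safe_column(raw, default="created"):
    """Column names cannot be bound as parameters either, so allowlist them."""
    return raw if raw in ALLOWED_COLUMNS else default


def list_posts(conn, category, sort_col, sort_dir):
    # Only allowlisted tokens reach the SQL text; data values stay bound.
    sql = (
        "SELECT title FROM posts WHERE category = ? "
        f"ORDER BY {safe_column(sort_col)} {safe_direction(sort_dir)}"
    )
    return [row[0] for row in conn.execute(sql, (category,))]


def demo():
    # Constructed sample data in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (title TEXT, category TEXT, created INTEGER)")
    conn.executemany(
        "INSERT INTO posts VALUES (?, ?, ?)",
        [("first", "news", 1), ("second", "news", 2), ("third", "news", 3)],
    )
    return {
        "desc": list_posts(conn, "news", "created", "desc"),
        # Scanner-style probe: a word that is not a valid direction.
        "probe": list_posts(conn, "news", "created", "nosuchword"),
        # Anything beyond the bare keyword is rejected as a whole.
        "extra": list_posts(conn, "news", "created", "DESC extra tokens"),
        "row_count": conn.execute("SELECT COUNT(*) FROM posts").fetchone()[0],
    }


if __name__ == "__main__":
    print(demo())
```

With the allowlist in place, an unknown direction produces the default ordering instead of a database error, so a scanner no longer sees a difference in behaviour to report.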