Due to improper sanitization iPack SCADA Automation software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system. PoC here https://github.com/paradessia/cve/blob/main/Ipack-Scada-Automation.txt
