SQL Database Error could lead to SQL Injection with internal Path Disclosure in froxlor/froxlor
Reported on
Jan 27th 2023
Hello,
By manipulating a parameter I get an SQL error, which can lead to SQL injection. Plus, there is an internal path disclosure.
Best regards Ahmed Hassan
Impact
Hello,
By manipulating a parameter I get an SQL error, which can lead to SQL injection. Plus, there is an internal path disclosure.
Best regards Ahmed Hassan
Can you please explain where an actual SQL injection is possible? All I see is a failed prepared SQL query.
As I mentioned, it is possible to find an SQL injection vulnerability, but I did not say that I found an SQL injection vulnerability.
Due to this error, the attacker can try different syntax to identify the columns and the number and names of the tables used.
Moreover, failing to use a prepared statement/query can be a big issue for an SQL injection vulnerability: with no prepared statements provided by the developer, the code will run in the database and be interpreted as code.
Plus, you can see the error message appearing at the end of the video. This should also not be visible to normal users.
You've specified this report type to be CWE-89: SQL Injection, which is just untrue.
Froxlor uses prepared statements throughout the system.
The uncaught exception has been fixed. Also keep in mind that our demo has special adjustments and might not always reflect 100% the same as the current release.
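The distinction drawn above (a failed prepared query is not an injection, but an uncaught exception that reaches the response is a path disclosure) is easy to see in a few lines of PHP. The following is an added illustration written for this page, not Froxlor's own code; it uses an in-memory SQLite database through PDO, and the table, column and parameter names are assumptions chosen for the demo.

```php
<?php
// Added example for this page, not Froxlor code. Runs offline against an
// in-memory SQLite database (requires the pdo_sqlite extension).
// Table name, column names and the "deactivated" column are assumptions.
declare(strict_types=1);

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    // Throw PDOException on any driver error instead of returning false.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, loginname TEXT)');
    $db->exec("INSERT INTO customers (loginname) VALUES ('alice'), ('bob')");
    return $db;
}

// Prepared statement: the user-supplied value is bound, never concatenated,
// so a payload such as "1 OR 1=1" is treated as one opaque value and simply
// matches no row. No SQL from the caller reaches the parser.
function findCustomer(PDO $db, string $id): ?array {
    $stmt = $db->prepare('SELECT id, loginname FROM customers WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Stand-in for the "failed prepared SQL query" from the report: the statement
// references a column this schema does not have (assumed name), so PDO throws.
// The input is still bound, so this is a server-side error, not an injection.
function failingQuery(PDO $db, string $id): void {
    $stmt = $db->prepare('SELECT id, deactivated FROM customers WHERE id = :id');
    $stmt->execute([':id' => $id]);
}

// Before: the exception propagates. With display_errors enabled, PHP emits
// "Fatal error: Uncaught PDOException: SQLSTATE[...] ... in /abs/path/file.php:NN"
// into the response body, which is the internal path disclosure.
function lookupUnsafe(PDO $db, string $id): string {
    failingQuery($db, $id);
    return 'ok';
}

// After: catch the driver exception, keep the details (message, file, line)
// in the server log, and return only a generic message to the client.
function lookupSafe(PDO $db, string $id, string &$log): string {
    try {
        failingQuery($db, $id);
        return 'ok';
    } catch (PDOException $e) {
        $log = sprintf('%s at %s:%d', $e->getMessage(), $e->getFile(), $e->getLine());
        return 'An internal error occurred.';
    }
}

$db = makeDb();
var_dump(findCustomer($db, '1'));          // row for "alice"
var_dump(findCustomer($db, '1 OR 1=1'));   // NULL: the payload was bound as data

$log = '';
echo lookupSafe($db, '1', $log), "\n";     // client sees only the generic message
error_log($log);                            // SQLSTATE and absolute path stay server-side

lookupUnsafe($db, '1');                     // uncaught: fatal error text includes the file path
```

Catching the exception removes the path from the response, but the complementary hardening is to keep `display_errors` off in production so that any other uncaught error is logged rather than rendered; the catch-and-log pattern and the ini setting address the same disclosure from two sides.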
That's good to know, so you patched the uncaught error, which was the main problem and security issue with the internal path disclosure.
I will be happy if you can verify the security issue, as you have patched the uncaught exception as mentioned before.
The vulnerability report title was changed as it is not an SQL injection vulnerability.
Agreed on the "internal path disclosure"; the title is now a bit misleading though.
Hello. The CVE for this vulnerability has not been published. When will you publish it?
It's literally a note above your comment: it is scheduled to go public on Jan 29th... why so impatient? Gotta give users time to update before this report shows exactly how the exploit works.