SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]=
https://www.schutzwerk.com/blog/schutzwerk-sa-2023-001/
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-001.txt
http://seclists.org/fulldisclosure/2023/May/2
http://packetstormsecurity.com/files/172257/Spryker-Commerce-OS-1.0-SQL-Injection.html