A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands.
https://kb.supremainc.com/knowledge/doku.php?id=en:release_note_291
https://claroty.com/team82/disclosure-dashboard/cve-2023-33366