Chatwoot - Second Order Time
Source: Tenable
Published:
<p>The custom attribute definition API allows creating attributes with arbitrary attribute_key values without validation. When these attributes are used in conversation/ filters, the key is directly interpolated into SQL queries in build_custom_attr_query, enabling stored SQL injection. An attacker