Yes, if they have a known vulnerability in the wild in a currently-supported product, the rest is just details.
Tangentially, I wonder: has anyone built a friendly browse/search interface for all-time CVE data [0]? This makes me curious about what the history of SQL injection vulnerability discovery looks like.
Tangentially, I wonder: has anyone built a friendly browse/search interface for all-time CVE data [0]? This makes me curious about what the history of SQL injection vulnerability discovery looks like.
0: https://cve.mitre.org/data/downloads/index.html