Data Theft Risk in Salesforce by Manipulating Public Links

The vulnerability was related to the undocumented Salesforce Aura API and SOQL subqueries, allowing a blind SOQL injection attack to retrieve customer information, including personally identifiable information (PII).

>>More