Data Theft Risk in Salesforce by Manipulating Public Links
Data Theft Risk in Salesforce by Manipulating Public Links
18 September 2024
The vulnerability was related to the undocumented Salesforce Aura API and SOQL subqueries, allowing a blind SOQL injection attack to retrieve customer information, including personally identifiable information (PII).