Blind SQL Injection vulnerability is located in the index.php file of the soeasy module when processing to request manipulated scId parameters. By manipulation of the seed parameter the attackers can. inject own SQL commands to breach the database of that vulnerable application and get access to the user data. The vulnerability can be exploited by remote attackers without privileged application user account and without required user interaction. Successful exploitation of the. SQL injection vulnerability results in application and application service DBMS compromise. Ebrahim Hegazy reported the vulnerability to the Yahoo! The security team with recommendations on how to patch the vulnerability.
Source: https://thehackernews.com/2013/04/yahoo-blind-sql-injection-could-lead-to.html