SQL injection in a IBM DB2 database was found at: "http://foo.tld/controller", using HTTP method GET. The sent data was: "param=d'z"0&find=Find&key=FrAmE30.". The modified parameter was "param". This vulnerability was found in the request with id 42.