Severity: Critical
CVSS Score: 9.8
Time-based SQL injection exists in Spotweb 1.4.9 via the query string.