This vulnerability in LambertGroup SHOUT (up to version 3.5.3) is caused by improper neutralization of special elements in SQL commands, resulting in SQL Injection. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L) indicates that an attacker can exploit this remotely over the network with low complexity and requires low privileges, without user interaction. Successful exploitation can lead to a complete confidentiality breach of the database and a limited impact on availability. The vulnerability is publicly disclosed but lacks vendor-provided patch or mitigation details.

An attacker with low privileges can remotely exploit this vulnerability to execute unauthorized SQL commands, potentially leading to full disclosure of sensitive data stored in the database (high confidentiality impact). There is no direct impact on integrity, and availability impact is low. No known exploitation in the wild has been reported so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected SHOUT application to trusted users only and consider implementing web application firewall (WAF) rules to detect and block SQL injection attempts. Monitor vendor channels for updates regarding patches or official mitigations.