…assword of the user via his email address, and when the user opens the forgot-password link he received, the server will give the attacker valid permission to change the user's password through this endpoint using his email address.
… this vulnerability. SQLmap did not discover any injection, while I was able to exploit it manually. I figured out that SQLmap also has a flag “--from” for the “FROM” clause of the SQL statement. Using this, SQLmap was able to identify the vulnerability.