/
**security-research** Public
# ENGAGE – Oh no! Something went wrong.
## Package
Engage (Engage)
## Affected versions
WebApplication
## Patched versions
None
## Description
### Summary
A vulnerability was found in engage platform, where an internal server error message exposes sensitive information about the servers, including SQL table which could lead to SQL injection.
### Severity
Low – This vulnerability discloses partial information that is not immediately exploitable.
### Proof of Concept
– Go to https://www.letsengage.com/google-form
– File the form, enter text with some strange string encoding (I don’t exactly know what, looking at the error, something that latin1_swedish_ci cannot represent) in one of the input fields (I don’t know which one).
– Go to the end of the form by filing all the inputs.
– Click submit.
– …
– Get the error message.
### Timeline
**Date reported**: 09/20/2024
**Date fixed**:
**Date disclosed**: 1/10/2025