SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the sort parameter to taskService.list(), bareMetalService.list(), and switchService.list().
sort