Since Gab illegally restricted access to their code on GitLab (Eugen can sue them now, btw) here’s a mirror of the commits so you can be informed about their SQL injection vulnerability.

The SQL injection was introduced here: https://gitlab.com/alexgleason/gab-social/-/commit/fb3b7545705153022c24bb072fbdb3925b8cbfeb

And it was patched here: https://gitlab.com/alexgleason/gab-social/-/commit/6e42e3b1eca73c306db1580719a3a1bfb715f6d8