After a WAS scan on a webapp I do get a SQL Injection vulnerability (QID 150003).
My problem is that I do not manage to reproduce it with Qualys scan report info.
It's about a form parameter sent with HTTP GET, but the payload is: @PATH@@FILENAME@1.@EXTENSION@
If it help, target database is ORACLE.
Can someone explain it to me please?