A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware.
https://threatpost.com/billquick-billing-app-ransomware/175720/
Discussion related to Vulnerabilities