Description
GFast between v2 and v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-55160
- https://github.com/SuperDu1/CVE/issues/2
- https://github.com/tiger1103/gfast/blob/os-v3.2/api/v1/system/sys_oper_log.go#L35
- https://github.com/tiger1103/gfast/blob/os-v3.2/internal/app/system/logic/sysOperLog/sys_oper_log.go#L121
- https://github.com/tiger1103/gfast/tree/os-v3.2
- http://gfast.com
Related vulnerabilities
CVSS3: 9.8
nvd
12 months ago
GFast between v2 and v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list.