exploitDog

GHSA-7vjm-x245-64r8

Опубликовано: 29 июл. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.

Ссылки

EPSS

Процентиль: 68%

0.00575

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-27613

CVSS3: 8.3

nvd

больше 3 лет назад

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.

EPSS

Процентиль: 68%

0.00575

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-89