exploitDog

GHSA-hg2r-4969-58rf

Опубликовано: 12 авг. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 7.2

Описание

SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution

SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution

Ссылки

EPSS

Процентиль: 58%

0.0037

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2025-8296

CVSS3: 7.2

nvd

около 1 месяца назад

SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution

EPSS

Процентиль: 58%

0.0037

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-89