Описание
Mocodo vulnerable to SQL injection in /web/generate.php
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.
Ссылки
Пакеты
Наименование
mocodo
pip
Затронутые версииВерсия исправления
<= 4.2.6
4.2.7
Связанные уязвимости
CVSS3: 9.8
nvd
больше 1 года назад
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.