Описание
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.
Ссылки
- Issue TrackingVendor Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:jorani_project:jorani:0.6.5:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.0022
Низкий
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.
EPSS
Процентиль: 44%
0.0022
Низкий
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-89