Описание
An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:jorani:jorani:1.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00565
Низкий
8.8 High
CVSS3
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 8.8
github
больше 2 лет назад
An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database.
EPSS
Процентиль: 68%
0.00565
Низкий
8.8 High
CVSS3
Дефекты
CWE-89
CWE-89