Описание
A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint parameter allowing an attacker to manipulate SQL queries via crafted input. Successful exploitation could lead to unauthorized access to database records with DB administrator privileges which can be leveraged to escalate privileges further and execute arbitrary OS commands.
EPSS
Процентиль: 32%
0.00123
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
около 1 года назад
Synnefo Internet Management Software 2023 was discovered to contain a SQL injection vulnerability.
EPSS
Процентиль: 32%
0.00123
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89