exploitDog

CVE-2023-50718

Опубликовано: 14 мая 2024

Источник: nvd

CVSS3: 6.5

CVSS3: 6.5

EPSS Низкий

Описание

NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped table_name. This vulnerability may result in leakage of sensitive data in the database. Version 0.202.10 contains a patch for the issue.

Ссылки

https://github.com/nocodb/nocodb/security/advisories/GHSA-8fxg-mr34-jqr8
Exploit
Vendor Advisory
https://github.com/nocodb/nocodb/security/advisories/GHSA-8fxg-mr34-jqr8
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*

Версия до 0.202.10 (исключая)

EPSS

Процентиль: 46%

0.00231

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-8fxg-mr34-jqr8

CVSS3: 6.5

github

больше 1 года назад

NocoDB SQL Injection vulnerability

EPSS

Процентиль: 46%

0.00231

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-89