Description
A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.
References
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of:
- cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:* (versions before 25.2.0, exclusive)
- cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:* (versions before 25.2.0, exclusive)
EPSS: 0.00037 (Low), percentile: 11%
CVSS3: 5.3 Medium
CVSS3: 6.5 Medium
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 5.3
github
4 months ago
A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.