Описание
FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries.
Ссылки
- ExploitThird Party Advisory
- ExploitIssue Tracking
- Release Notes
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:shaneisrael:fireshare:1.2.25:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00042
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 6.5
github
5 месяцев назад
FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries.
EPSS
Процентиль: 13%
0.00042
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-89