Описание
Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond.
Ссылки
- Broken Link
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:area9lyceum:rhapsode_learner:1.47.3:*:*:*:*:*:*:*
EPSS
Процентиль: 18%
0.00058
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 6.5
github
29 дней назад
Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond.
EPSS
Процентиль: 18%
0.00058
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-89