Описание
A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function ask_db of the file mindsql/core/mindsql_core.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
EPSS
Процентиль: 14%
0.00046
Низкий
6.3 Medium
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-74
Связанные уязвимости
CVSS3: 6.3
github
20 дней назад
MindSQL is vulnerable to Code Injection through its ask_db function
EPSS
Процентиль: 14%
0.00046
Низкий
6.3 Medium
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-74