Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-88813
HistorySep 29, 2022 - 12:00 a.m.

Strapi SQL Injection Vulnerability

2022-09-2900:00:00
China National Vulnerability Database
www.cnvd.org.cn
30
strapi
sql injection
cms
vulnerability
database data
admin api

0.002 Low

EPSS

Percentile

57.3%

JSON

Strapi is an open source content management system (CMS). versions of Strapi prior to 3.6.10 and 4.0.0 and later, and prior to 4.1.10, contain a SQL injection vulnerability that stems from its incorrect handling of hidden attributes in admin API responses. An attacker could exploit the vulnerability to obtain database data.

Related

osv 2
cve 1
nvd 1
prion 1
cvelist 1
github 1
veracode 1
osv
osv
Strapi mishandles hidden attributes within admin API responses
2022-09-28 00:00:17
CVE-2022-31367
2022-09-27 23:15:13
cve
cve
CVE-2022-31367
2022-09-27 23:15:13
nvd
nvd
CVE-2022-31367
2022-09-27 23:15:13
prion
prion
Design/Logic Flaw
2022-09-27 23:15:00
cvelist
cvelist
CVE-2022-31367
2022-09-27 13:02:41
github
github
Strapi mishandles hidden attributes within admin API responses
2022-09-28 00:00:17
veracode
veracode
Information Disclosure
2022-09-28 08:32:02

0.002 Low

EPSS

Percentile

57.3%

JSON
Related for CNVD-2022-88813
osv2cve1nvd1prion1cvelist1github1veracode1