Strapi is an open source content management system (CMS). Versions of Strapi prior to 3.6.10, and versions 4.0.0 and later but prior to 4.1.10, contain a SQL injection vulnerability that stems from incorrect handling of hidden attributes in admin API responses. An attacker could exploit the vulnerability to obtain database data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | strapi strapi | lt | 3.6.10 |
| | strapi strapi 4.* | lt | 4.1.10 |