CVE-2021-41187

🗓️ 01 Nov 2021 21:20:08Reported by GitHub_MType

DHIS 2 SQL injection vulnerability in /api endpoint

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2021-41187	2 Nov 202101:34	–	circl
CNNVD	DHIS 2 SQL注入漏洞	1 Nov 202100:00	–	cnnvd
Cvelist	CVE-2021-41187 SQL Injection in DHIS2 Tracker API	1 Nov 202121:20	–	cvelist
EUVD	EUVD-2021-28285	3 Oct 202520:07	–	euvd
NVD	CVE-2021-41187	1 Nov 202122:15	–	nvd
Prion	Sql injection	1 Nov 202122:15	–	prion
RedhatCVE	CVE-2021-41187	9 Jan 202608:54	–	redhatcve

NVD

Vulners

Node

dhis2 dhis_2Range2.32.0–2.32.7

dhis2 dhis_2Range2.33.0–2.33.9

dhis2 dhis_2Range2.34.0–2.34.6

dhis2 dhis_2Range2.35.0–2.35.7

dhis2 dhis_2Range2.36.0–2.36.3

[
  {
    "product": "dhis2-core",
    "vendor": "dhis2",
    "versions": [
      {
        "status": "affected",
        "version": ">= 2.32.0, < 2.32-EOS"
      },
      {
        "status": "affected",
        "version": ">= 2.33.0, < 2.33-EOS"
      },
      {
        "status": "affected",
        "version": ">= 2.34.0, < 2.34.7"
      },
      {
        "status": "affected",
        "version": ">= 2.35.0, < 2.35.8"
      },
      {
        "status": "affected",
        "version": ">= 2.36.0, < 2.36.4"
      }
    ]
  }
]

Source	Link
github	www.github.com/dhis2/dhis2-core/security/advisories/GHSA-fvm5-gp3j-c7c6

21 Nov 2024 06:25Current

8.8High risk

Vulners AI Score8.8

CVSS 26.5

CVSS 3.18.1 - 8.8

EPSS0.00234

CWE-89