CVE-2024-25168

2024-03-2212:15:07

[email protected]

web.nvd.nist.gov

cve-2024-25168

sql injection

snow v.2.0.0

datascope parameter

remote code execution

nvd

8.6 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.

References

github.com/biantaibao/snow_SQL/blob/main/report.md