CVE-2021-36431

2023-02-0300:00:00

mitre

www.cve.org

sql injection

jocms 0.8

remote attackers

arbitrary sql commands

sensitive information

jo_json_check()

mask.php

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

53.4%

JSON

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check() function in jocms/apps/mask/inc/mask.php.

References

github.com/mxgbr/jocms/issues/6