CVE-2021-36433

2023-02-0300:00:00

mitre

www.cve.org

sql injection

jocms

remote attackers

arbitrary sql commands

sensitive information

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

53.4%

JSON

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_delete_mask function in jocms/apps/mask/mask.php.

References

github.com/mxgbr/jocms/issues/6