Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp.
9.8CVSS
9.8AI Score
0.014EPSS
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
7.5CVSS
7.8AI Score
0.056EPSS
5.4CVSS
5.2AI Score
0.001EPSS