Sql injection

NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors...

CVE-2021-20736

CVE-2021-20736 affects GROWI; NoSQL injection (CWE-943) vulnerability in GROWI versions prior to v4.2.20 could allow a remote attacker to obtain or alter data via unspecified vectors. Connected sources confirm the fixed version is v4.2.20 (and the 4.2.x line), with guidance to upgrade; there is n...

CVE-2021-20736

NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors...

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. NoSQL injection CWE-943 - CVE-2021-20736 Improper authentication CWE-287 - CVE-2021-20737 Impact The expected impact depends on each vulnerability, but it may be affected as follows. A user who can access the...

JVN#95457785: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. NoSQL injection CWE-943 - CVE-2021-20736 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Improper...

Rocket.Chat 3.12.1 NoSQL Injection / Code Execution

Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat !/usr/bin/python...

Rocket.Chat 3.12.1 - NoSQL Injection to Remote Code Execution (Unauthenticated) Exploit

Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated Author: enox Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat !/usr/bin/python import requests impo...

Rocket.Chat 3.12.1 - NoSQL Injection (Unauthenticated)

Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat !/usr/bin/python...

Exploit for Special Element Injection in Rocket.Chat

CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remot...

Unspecified Vulnerability in Rocket.Chat

Rocket.Chat is an open source team chat software. A security vulnerability exists in Rocket.Chat versions 3.11, 3.12, and 3.13. The vulnerability could lead to unauthenticated NoSQL injection. No details of the vulnerability are provided at this time...

CVE-2021-22911

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE...

CVE-2021-22911

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE...

Sql injection

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE...

CVE-2021-22911

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE...

CVE-2021-22911

CVE-2021-22911 affects Rocket.Chat 3.11–3.13 and is a NoSQL injection that enables unauthenticated access to an API endpoint, potentially leading to data exposure, modification, or remote code execution. Root cause: NoSQL injection in endpoints such as getPasswordPolicy and users.list, enabling r...

Cockpit CMS 0.11.1 NoSQL Injection / Remote Command Execution Exploit

This Metasploit module exploits two NoSQL injection vulnerabilities to retrieve the user list and password reset tokens from the system. Next, the USER is targeted to reset their password. Then, a command injection vulnerability is used to execute the payload. While it is possible to upload a...

Rocket.Chat: Post-Auth Blind NoSQL Injection in the users.list API leads to Remote Code Execution

Summary: The users.list API endpoint is vulnerable to NoSQL injection attacks. It can be used to take over accounts by leaking password reset tokens and 2FA secrets. Taking over an admin account leads to Remote Code Execution. Description: The users.list API endpoint takes a custom query via the...

Rocket.Chat: Pre-Auth Blind NoSQL Injection leading to Remote Code Execution

Summary: The getPasswordPolicy method is vulnerable to NoSQL injection attacks and does not require authentication/authorization. It can be used to take over accounts by leaking password reset tokens. Taking over an admin account leads to Remote Code Execution. Description: The getPasswordPolicy...

CVE-2020-35848

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function...

CVE-2020-35847

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function...