8 matches found
EUVD-2020-23328
Malware in sbrugna...
CVE-2020-35666
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value...
CVE-2020-35666
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value...
CVE-2020-35666
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value...
SQL injection
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value...
CVE-2020-35666
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value...
CVE-2020-35666
Steedos Platform (until version 1.21.24) is affected by a NoSQL injection in the /api/collection/findone handler. The underlying issue is inadequate validation of req.body in server/packages/steedos_base.js, which can be exploited using MongoDB operators (e.g., X-User-Id[$ne]=1) to influence quer...
Steedos Steedos-platform SQL Injection Vulnerability
Steedos Steedos-platform is a JavaScript-based website builder for creating websites in a declarative way organized by Steedos China. A SQL injection vulnerability exists in Steedos Platform version 1.21.24 and prior versions, which stems from allowing NoSQL injection because...