2 matches found
SQL Injection
Overview: katello is a package that adds Content and Subscription Management to Foreman. Affected versions of this package are vulnerable to SQL Injection via improper sanitization of user input in the sortby parameter of the /api/hosts/bootcimages endpoint. An attacker can cause database errors or...
PT-2024-22786 · Strapi · @Strapi/Plugin-Content-Manager +1
Name of the Vulnerable Software and Affected Versions: Strapi versions prior to 4.19.1. Description: The issue concerns Strapi, an open-source content management system. In affected versions, when a super admin creates a collection with an item associated to another collection, a user with the...