6 matches found
CVE-2026-15477
Bahmni bahmnicore (up to 0.93) is affected in the Search Endpoint (file /openmrs/ws/rest/v1/bahmnicore/sql), specifically the function additionalParams. A manipulated argument can lead to SQL injection, with remote exploitation possible and public exploit details. Remediation: upgrade to 0.93.1, ...
CVE-2026-15477 Bahmni bahmnicore Search Endpoint sql additionalParams sql injection
A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...
CVE-2026-15477 Bahmni bahmnicore Search Endpoint sql additionalParams sql injection
A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...
CVE-2024-38518
BigBlueButton (BBB) is affected. A valid join link can be manipulated to generate a signed join link with extra parameters (for example role=moderator), allowing an attacker to join a meeting as moderator using a link intended for viewers. This vulnerability is addressed in BBB versions 2.6.18, 2...
CVE-2024-38518 bbb-web API additional parameters considered
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an...
Ruby on Rails: ActionController::Parameters .each returns an unsafe hash
Rails 5.1.4 The goal of ActionController::Parameters's permit method strong parameters is to prevent accidental trust in the parameters sent by the client. We can therefore not simply create a hash of all the parameters in the params without permitting them first. When we really want to do this...