6 matches found

RedhatCVE
added 2026/05/14 7:58 p.m. | 8 views

CVE-2026-44204

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVSS 6.5 | AI score 6.2 | EPSS 0.00049
Exploits: 0 | References: 1

NVD
added 2026/05/12 6:17 p.m. | 10 views

CVE-2026-44204

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVSS 6.5 | EPSS 0.00049
Exploits: 0 | References: 2

Cvelist
added 2026/05/12 5:45 p.m. | 29 views

CVE-2026-44204 Shelf: SQL Injection via sortBy Parameter

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVSS 6.5 | EPSS 0.00049
Exploits: 0 | References: 2

CVE
added 2026/05/12 5:45 p.m. | 21 views

CVE-2026-44204

Shelf is a platform for tracking physical assets. CVE-2026-44204 describes a SQL injection in the sortBy query parameter on the /assets route affecting versions 1.12 up to before 1.20.1. An authenticated user (any role) could execute arbitrary SQL and read data from any table, including data belo...

CVSS 6.5 | AI score 6.2 | EPSS 0.00049
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/12 5:45 p.m. | 7 views

CVE-2026-44204 Shelf: SQL Injection via sortBy Parameter

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVSS 6.5 | AI score 6.2 | EPSS 0.00049
Exploits: 0 | References: 2

CNNVD
added 2026/05/12 12:0 a.m. | 6 views

shelf.nu input validation error vulnerability

shelf.nu is an open-source physical asset tracking and management platform developed by Shelf. Versions of shelf.nu from 1.12 to 1.20.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the SQL injection vulnerability in the sortBy query parameter on th...

CVSS 6.5 | AI score 6.2 | EPSS 0.00049
Exploits: 0 | References: 2