5 matches found
@likenttt/waline-with-feishu (>=1.24.1 <=1.24.2), @waline/vercel (>=1.18.6 <=1.28.2) +11 more potentially affected by CVE-2020-21176 via thinkjs (>=0.1.29 <=3.2.14)
thinkjs NPM version =0.1.29, =1.24.1, =1.18.6, =0.0.2, =0.1.0, =2.1.8, =1.0.5, =1.0.0, =1.0.0, =1.0.1, =1.0.0, =0.0.0, =1.0.4 Source cves: CVE-2020-21176 Source advisory: OSV:GHSA-Q5MQ-6FJG-4MW8...
CVE-2020-21176
creationtimestamp| type| source ---|---|--- 2021-02-01 21:25:15+00:00| seen| https://t.me/cibsecurity/22916...
CVE-2020-21176
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...
CVE-2020-21176
CVE-2020-21176 describes an SQL injection in ThinkJS 3.2.10. The affected components are the functions model.increment and model.decrement, where user-supplied input via the step parameter can be used to craft and execute arbitrary SQL commands on the backend. The vulnerability enables unauthenti...
Arbitrary Code Injection Over HTTP Traffic (CVE-2020-21176; CVE-2020-25042; CVE-2020-26248; CVE-2020-26712; CVE-2020-28994; CVE-2020-29284; CVE-2020-6308; CVE-2021-25912)
Arbitrary Code Injections Over HTTP Traffic...