Lucene search
K

6 matches found

OSV
OSV
added 2021/09/08 11:15 a.m.6 views

CVE-2021-23404

This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Reques...

8.8CVSS7.3AI score0.00477EPSS
Exploits1References2
NVD
NVD
added 2021/09/08 11:15 a.m.30 views

CVE-2021-23404

This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Reques...

8.8CVSS0.00477EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/09/08 10:50 a.m.38 views

CVE-2021-23404 Cross-site Request Forgery (CSRF)

This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Reques...

7.6CVSS9.2AI score0.00477EPSS
Exploits1References2
CVE
CVE
added 2021/09/08 10:50 a.m.85 views

CVE-2021-23404

CVE-2021-23404 affects all versions of sqlite-web. The vulnerability is a Cross-Site Request Forgery (CSRF) in the SQL dashboard area that can cause sensitive actions to be performed without confirming the request origin. The issue is documented across multiple sources (NVD, GHSA, OSV, Snyk) with...

8.8CVSS8.4AI score0.00477EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2021/07/09 12:12 p.m.5 views

db-systray (>=0.1.0 <=0.1.2), dbm-systray (>=0.1.3 <=0.2.0) +6 more potentially affected by CVE-2021-23404 via sqlite-web (>=0.6.8 <=0.7.2)

sqlite-web PYPI version =0.6.8, =0.1.0, =0.1.3, =0.0.2, =0.0.2, =0.0.1, =0.2.1, =0.1.8, =0.2.6 Source cves: CVE-2021-23404 Source advisory: SNYK:PYTHON-SQLITEWEB-1316324...

8.8CVSS7.2AI score0.00477EPSS
Exploits1
SQLite
SQLite
added 2021/01/01 12:0 a.m.20 views

SQLite report about CVE-2021-23404

This is not a bug in SQLite. The bug is in a third-party application that uses SQLite and includes "sqlite" in its name. This CVE is included on the list because it mentions SQLite even though the bug has nothing to do with SQLite...

8.8CVSS8.2AI score0.00477EPSS
Exploits1
Rows per page
Query Builder