7 matches found
Exploit for SQL Injection in Casbin Casdoor
POC for CVE-2022-24124 Exploit Code for CVE-2022-24124ht...
Casdoor SQL Injection (CVE-2022-24124)
On Jan 22, 2022, a high severity SQL Injection vulnerability was reported in Casdoor which affected versions before 1.13.1 release. The vulnerability is tracked as CVE-2022-24124 with CVSS V3 7.5 score has a publicly available simple proof of concept which makes it easier for skilled attackers to...
Casdoor 1.13.0 - SQL Injection (Unauthenticated) Vulnerability
// Exploit Title: Casdoor 1.13.0 - SQL Injection Unauthenticated // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://casdoor.org/ // Software Link: https://github.com/casdoor/casdoor/releases/tag/v1.13.0 // Version: version 1.13.1 // Security Advisory:...
Exploit for SQL Injection in Casbin Casdoor
POC for CVE-2022-24124 Exploit Code for CVE-2022-24124ht...
CVE-2022-24124
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations...
CVE-2022-24124
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations...
CVE-2022-24124
Casdoor prior to 1.13.1 is affected by an unauthenticated SQL injection in the query API (api/get-organizations) via the field and value parameters. The Nuclei template and related proofs indicate an unauthenticated remote injection that can dump database information and potentially lead to data ...