83 matches found
CVE-2024-25168
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...
PT-2024-20796 · Snow Snow · Snow Snow
Name of the Vulnerable Software and Affected Versions: snow snow version 2.0.0 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the dataScope parameter of the "system/role/list" interface. This enables the attacker to potentially access and manipulate...
CVE-2024-25168
Snow Snow v2.0.0 is affected by a SQL injection in the dataScope parameter of the system/role/list interface, enabling a remote attacker to execute arbitrary code. The root cause is input handling in that endpoint, allowing injectable SQL statements. Documented impact is remote code execution wit...
CVE-2024-0784
A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the argument dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...
Octopus Deploy SQL Injection Vulnerability
Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A SQL injection vulnerability exists in Octopus Deploy version 1.0, which stems from /system/role/list containing unknown functions that cause SQL injection via the...
CVE-2023-24221
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml...
CVE-2023-24221
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml...
CVE-2023-24219
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml...
CVE-2023-24219
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml...
CVE-2023-24220
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml...
CVE-2023-24220
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml...
Sql injection
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml...
Sql injection
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml...
Sql injection
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml...
CVE-2023-24219
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml...
CVE-2023-24221
Affected product: LuckyframeWEB v3.5. Vulnerability: SQL injection via the dataScope parameter in /system/DeptMapper.xml. Root cause: unsanitized input leading to query manipulation (as stated in CVE records). Impact: high confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). Ex...
CVE-2023-24220
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml...
Luckyframe SQL注入漏洞
LuckyFrame is a free and open source testing platform. A security vulnerability exists in Luckyframe v3.5, which originates from a SQL injection vulnerability in the dataScope parameter in /system/UserMapper.xml...
CVE-2023-24219
CVE-2023-24219 affects LuckyframeWEB v3.5. The vulnerability is a SQL injection in the dataScope parameter of /system/UserMapper.xml. The root cause, as described in the sources, is improper handling/use of user-supplied data in dataScope, leading to high-severity impact (CVE metrics show Confide...
CVE-2023-24221
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml...