BIT-DISCOURSE-2023-38684 Discourse vulnerable to possible DDoS due to unbounded limits in various controller actions
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an...
CVE-2023-52082 Lychee is vulnerable to an SQL Injection in explain DB queries.
Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vulnerable to an SQL injection on any binding when using mysql/mariadb. This injection is only active for users with the .env settings set to DBLOGSQL=true and DBLOGSQLEXPLAIN=true. The default settings of Lychee are safe. The pat...