6 matches found
CVE-2024-53507
A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems...
CVE-2024-53507
A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems...
SiYuan 安全漏洞
SiYuan is a privacy-first personal knowledge management system from SiYuan Open Source. A security vulnerability exists in SiYuan version 3.1.11, which originates from the /getHistoryItems file containing a SQL injection vulnerability...
CVE-2024-53507
Siyuan 3.1.11 contains a SQL injection vulnerability in the /getHistoryItems endpoint. The CVE notes an exploitation path over the network with no user interaction, and the CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) yields a base score of 9.8 (CRITICAL). The incident is corroborated by...
CVE-2024-53507
A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems...
PT-2024-35767 · Siyuan · Siyuan
Name of the Vulnerable Software and Affected Versions: Siyuan version 3.1.11 Description: A SQL injection issue was found in the /getHistoryItems endpoint. This allows for potential exploitation through SQL injection attacks. No information is provided about the estimated number of affected devic...