EUVD-2024-33174

Malicious code in bioql PyPI...

CVE-2024-10546

A vulnerability classified as critical was found in open-scratch Teaching 在线教学平台 up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The...

CVE-2024-10546

The CVE-2024-10546 entry concerns open-scratch Teaching 在线教学平台 (versions up to 2.7). The vulnerability exists in the URL Handler’s API endpoint /api/sys/ng-alain/getDictItemsByTable/ and is due to an SQL injection in that API. It is exploitable remotely and an exploit has been disclosed publicly....

CVE-2024-10546 open-scratch Teaching 在线教学平台 URL getDictItemsByTable sql injection

A vulnerability classified as critical was found in open-scratch Teaching 在线教学平台 up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The...

CVE-2024-10546 open-scratch Teaching 在线教学平台 URL getDictItemsByTable sql injection

A vulnerability classified as critical was found in open-scratch Teaching 在线教学平台 up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The...

PT-2024-16359 · Unknown · Open-Scratch

Name of the Vulnerable Software and Affected Versions: open-scratch Teaching 在线教学平台 versions up to 2.7 Description: A critical issue was found in the URL Handler component, specifically affecting the /api/sys/ng-alain/getDictItemsByTable/ API endpoint. This issue leads to sql injection and can be...