15 matches found
CVE-2025-67811
Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4...
CVE-2025-67811
Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4...
CVE-2025-67811
Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4...
CVE-2025-67810
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...
CVE-2025-67810
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...
EUVD-2026-1683
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...
CVE-2025-67811
Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4...
CVE-2025-67810
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...
CVE-2025-67811
Area9 Rhapsode 1.47.3 is vulnerable to SQL Injection via multiple API endpoints accessible to authenticated users due to insufficient input validation. Impacted: unauthorized database access and potential data compromise. Mitigation: upgrade to v1.47.4 or later (fixed in 1.47.4+). This CVE (CVE-2...
CVE-2025-67810
Area9 Rhapsode 1.47.3 is affected. An authenticated attacker can exploit the operation, url, and filename parameters via a POST request to read arbitrary files from the server filesystem. The issue is fixed in version 1.47.4 (and later). The available references confirm the vulnerability is tied ...
Area9 Rhapsode 安全漏洞
Area9 Rhapsode is an adaptive learning platform from Area9 USA. A security vulnerability exists in Area9 Rhapsode version 1.47.3, which stems from improper parameter manipulation and could lead to arbitrary file reads...
Area9 Rhapsode 安全漏洞
Area9 Rhapsode is an adaptive learning platform from Area9 USA. A security vulnerability exists in Area9 Rhapsode version 1.47.3, which stems from insufficient input validation and could lead to an SQL injection attack...
PT-2026-1884
Name of the Vulnerable Software and Affected Versions Area9 Rhapsode version 1.47.3 Description Area9 Rhapsode version 1.47.3 is susceptible to SQL Injection through multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary...
CVE-2025-67810
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...
PT-2026-1883
Name of the Vulnerable Software and Affected Versions Area9 Rhapsode versions prior to 1.47.4 Description An authenticated attacker can exploit the operation, url, and filename parameters via a POST request to read arbitrary files from the server filesystem. The affected parameters are used in a...