@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

Impact When querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data emails, password reset tokens and achieve full account takeover without password cracking. Users...

Payload 授权问题漏洞

Payload is a Headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Payload suffers from an authorization issue vulnerability that stems from SQLite adapters reusing identifiers during account creation, which could lead to a session fixation attack...