18 matches found
EUVD-2022-33934
Malicious code in bioql PyPI...
EUVD-2022-33358
Malicious code in bioql PyPI...
CVE-2022-29603
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint such as /api/students/me/messages/ to, for example, retrieve personal...
CVE-2022-28924
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/...
CVE-2022-28924
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/...
CVE-2022-28924
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/...
CVE-2022-28924
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/...
Information disclosure
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/...
CVE-2022-28924
The CVE-2022-28924 entry concerns UniverSIS-Students prior to v1.5.0, where a crafted GET request to /api/students/me/courses/ can disclose sensitive information. The vulnerability is an information disclosure flaw in the API endpoint, enabling attackers to access data without proper authorizatio...
CVE-2022-28924
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/...
UniverSIS UniverSIS-API SQL Injection Vulnerability
UniverSIS UniverSIS-API is a student information system architecture interface. A remote attacker could use this vulnerability to retrieve personal information or change grades by sending a crafted SQL statement...
CVE-2022-29603
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint such as /api/students/me/messages/ to, for example, retrieve personal...
CVE-2022-29603
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint such as /api/students/me/messages/ to, for example, retrieve personal...
CVE-2022-29603
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint such as /api/students/me/messages/ to, for example, retrieve personal...
Sql injection
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint such as /api/students/me/messages/ to, for example, retrieve personal...
CVE-2022-29603
CVE-2022-29603 affects UniverSIS UniverSIS-API up to version 1.2.1. The SQL Injection is triggered via the $select parameter across multiple API endpoints (e.g., /api/students/me/messages/). A remote authenticated attacker could craft SQL statements to retrieve personal information or change grad...
CVE-2022-29603
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint such as /api/students/me/messages/ to, for example, retrieve personal...
UniverSIS UniverSIS-API SQL注入漏洞
UniverSIS UniverSIS-API is a student information system architecture interface. A remote attacker could use this vulnerability to retrieve personal information or change grades by sending a crafted SQL statement...