Lucene search
K
GitlabRecent

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
•added 2026/04/08 12:0 a.m.•17 views

WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)

The fix for CVE-2026-27732 is incomplete. objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then fetches the response and stores it ...

8.6CVSS5.9AI score0.00235EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/04/08 12:0 a.m.•12 views

WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services

The Live restream log callback flow accepted an attacker-controlled restreamerURL and later fetched that stored URL server-side, enabling stored SSRF for authenticated streamers. The vulnerable flow allowed a low-privilege user with streaming permission to store an arbitrary callback URL and...

6.5CVSS6AI score0.0021EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/04/03 12:0 a.m.•10 views

Antrea has Missing Encryption of Sensitive Data

This is a missing encryption vulnerability CWE-311 affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly...

7.5CVSS5.9AI score0.00121EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/04/03 12:0 a.m.•65 views

CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing

A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/04/03 12:0 a.m.•32 views

Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length

The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI...

7.5CVSS6AI score0.00472EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/31 12:0 a.m.•12 views

Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client

In a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any users in...

8.2CVSS5.9AI score0.00324EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/31 12:0 a.m.•15 views

jose vulnerable to untrusted JWK header key acceptance during signature verification

A vulnerability in jose versions up to and including 0.3.5 could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even...

7.5CVSS5.9AI score0.0013EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/30 12:0 a.m.•7 views

FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft

The FHIR Validator HTTP service exposes an unauthenticated /loadIG endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith URL prefix matching flaw in the credential provider ManagedWebAccessUtils.getServer, an attacker can steal authentication tokens...

9.3CVSS5.9AI score0.00299EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/30 12:0 a.m.•11 views

HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect

ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured server URLs e.g., http://tx.fhir.org lack a trailing slash or host boundary check, an attacker-controlled domain like...

9.1CVSS5.9AI score0.00158EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/30 12:0 a.m.•15 views

nginx-ui Backup Restore Allows Tampering with Encrypted Backups

The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration...

9.4CVSS5.9AI score0.00328EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/30 12:0 a.m.•12 views

Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation

The nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operation on the base directory /etc/nginx. In particular, this allows an authenticated us...

6.9CVSS5.9AI score0.00397EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/30 12:0 a.m.•19 views

nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

The nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the...

9.8CVSS6AI score0.38477EPSS
Exploits4References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/30 12:0 a.m.•18 views

nginx-ui has Race Condition that Leads to Persistent Data Corruption and Service Collapse

The nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms Mutex and non-atomic file writes, concurrent requests lead to the severe corruption of the primary configuration file app.ini. This vulnerability results in a persistent Denial of...

7.5CVSS6AI score0.00534EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/30 12:0 a.m.•5 views

nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval

An input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface unresponsive...

6.9CVSS5.9AI score0.00948EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/30 12:0 a.m.•12 views

nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys

Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a userid field, and all resource endpoints perform queries by ID without verifyin...

9.9CVSS5.9AI score0.0028EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/30 12:0 a.m.•10 views

HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect

ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured server URLs e.g., http://tx.fhir.org lack a trailing slash or host boundary check, an attacker-controlled domain like...

9.1CVSS5.9AI score0.00158EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/30 12:0 a.m.•11 views

FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing

The /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname, scheme, or domain validation. An unauthenticated attacker with network access to the validator can probe internal network services...

5.8CVSS5.9AI score0.00235EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/29 12:0 a.m.•20 views

Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)

The Trix editor, in versions prior to 2.1.18, is vulnerable to XSS when a crafted application/x-trix-document JSON payload is dropped into the editor in environments using the fallback Level0InputController e.g., embedded WebViews lacking Input Events Level 2 support. The StringPiece.fromJSON...

5.9AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/27 12:0 a.m.•7 views

AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction

This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...

5.7AI score
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/27 12:0 a.m.•7 views

AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction

This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...

5.7AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/25 12:0 a.m.•7 views

Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw, and reac...

6.5CVSS5.9AI score0.00359EPSS
Exploits2References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/25 12:0 a.m.•6 views

Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect

When a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV basic auth, and OpenID Connect — do not verify user status, allowing disabled or locked users to continue accessing th...

8.1CVSS5.8AI score0.00453EPSS
Exploits1References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/25 12:0 a.m.•8 views

Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources

The migration helper functions DownloadFile and DownloadFileWithHeaders in pkg/modules/migration/helpers.go make arbitrary HTTP GET requests without any SSRF protection. When a user triggers a Todoist or Trello migration, file attachment URLs from the third-party API response are passed directly ...

6.4CVSS5.9AI score0.00272EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/25 12:0 a.m.•21 views

Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read

When the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. An authenticated user who can read a task that has cross-project relations will receive...

6.5CVSS5.8AI score0.0033EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/25 12:0 a.m.•8 views

Vikjuna: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation

The LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from reading individual shares via ReadOne, the ReadAllWeb handler bypasses this check by never...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/25 12:0 a.m.•11 views

Vikjuna: Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API

The GET /api/v1/projects/:project/webhooks endpoint returns webhook BasicAuth credentials basicauthuser and basicauthpassword in plaintext to any user with read access to the project. While the existing code correctly masks the HMAC secret field, the BasicAuth fields added in a later migration we...

6.5CVSS5.9AI score0.00297EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/25 12:0 a.m.•10 views

Vikjuna: IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion

TaskAttachment.ReadOne queries attachments by ID only WHERE id = ?, ignoring the task ID from the URL path. The permission check in CanRead validates access to the task specified in the URL, but ReadOne loads a different attachment that may belong to a task in another project. This allows any...

8.1CVSS5.8AI score0.00265EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/25 12:0 a.m.•10 views

Vikjuna Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download

The DownloadImage function in pkg/utils/avatar.go uses a bare http.Client with no SSRF protection when downloading user avatar images from the OpenID Connect picture claim URL. An attacker who controls their OIDC profile picture URL can force the Vikunja server to make HTTP GET requests to...

7.4CVSS5.9AI score0.00395EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/23 12:0 a.m.•10 views

Rails has a possible XSS vulnerability in its Action View tag helpers

When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Applications that...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/20 12:0 a.m.•26 views

Vikunja has a Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers

Unauthenticated users are able to bypass the application's built-in rate-limits by spoofing the X-Forwarded-For or X-Real-IP headers due to the rate-limit relying on the value of echo.Context.RealIP...

5.3CVSS5.8AI score0.00328EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/20 12:0 a.m.•7 views

Vikunja read-only users can delete project background images via broken object-level authorization

The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image...

5.4CVSS5.8AI score0.00211EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/20 12:0 a.m.•9 views

Vikunja has a 2FA Bypass via Caldav Basic Auth

The Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be protected behind 2FA if enabled, such as project name, description, etc...

6.9CVSS5.8AI score0.00302EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/20 12:0 a.m.•8 views

Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments

An authenticated user can read any task comment by ID, regardless of whether they have access to the task the comment belongs to, by substituting the task ID in the API URL with a task they do have access to...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/20 12:0 a.m.•8 views

Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement

A flaw in Vikunja’s password reset logic allows disabled users to regain access to their accounts. The ResetPassword function sets the user’s status to StatusActive after a successful password reset without verifying whether the account was previously disabled. By requesting a reset token through...

8.1CVSS5.8AI score0.00363EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/20 12:0 a.m.•8 views

Vikunja has TOTP Reuse During Validity Window

Any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window...

5.7CVSS5.8AI score0.00258EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/20 12:0 a.m.•10 views

Vikunja Affected by DoS via Image Preview Generation

Vulnerability: Unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. - Affected code: - Decoding without bounds: taskattachment.go:GetPreview - Resizing path: resizeImage - Endpoint...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•19 views

SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks

The @aborruso/ckan-mcp-server MCP server provides tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network service...

5.7CVSS5.9AI score0.00289EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•8 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•13 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•10 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•31 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•9 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•10 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•10 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•10 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•10 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•9 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•9 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•8 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/16 12:0 a.m.•7 views

Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements safe storage, but are later read back and interpolated...

6AI score
Exploits0References3Affected Software1
Total number of security vulnerabilities1518