Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.
9.8CVSS
9.8AI Score
0.002EPSS
In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.
6.5CVSS
6.4AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS