3 matches found
CVE-2023-24206
Davinci v0.3.0-rc contains a SQL injection vulnerability via the copyDisplay function. Affected software: Davinci (version 0.3.0-rc). Root cause: improper handling in copyDisplay allows SQL injection, enabling attacker-supplied input to affect database queries. Impact (per CVSS in the entry): you...
CVE-2023-31847
Affects davinci 0.3.0-rc. After login, a user can connect to a malicious MySQL server by abusing data-source control to read arbitrary files on the client side. Impact: confidentiality high; exploitation not described in detail. No patch information is provided in the sources; a workflow-based wo...
CVE-2023-31848
CVE-2023-31848 affects davinci 0.3.0-rc and is caused by a server-side request forgery (SSRF) vulnerability. The available sources consistently identify the affected component as the davinci application, version 0.3.0-rc, with SSRF as the underlying issue. The CVSS 3.1 base metrics in the initial...