CVE-2024-25168
Snow Snow v2.0.0 is affected by a SQL injection in the dataScope parameter of the system/role/list interface, enabling a remote attacker to execute arbitrary code. The root cause is input handling in that endpoint, allowing injectable SQL statements. Documented impact is remote code execution wit...