EPSS
Percentile
69.3%
salt is vulnerable to SQL injection. User-controlled parameter values are directly concatenated into the update password SQL queries, allowing an attacker to inject arbitrary SQL statements via the user and host parameters.
user
host
github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534
github.com/saltstack/salt/pull/51462
github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a