A vulnerability classified as critical has been found in Inis up to 2.0.1. Affected is an unknown function of the file /app/api/controller/default/Sqlite.php. The manipulation of the argument sql leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250110 is the identifier assigned to this vulnerability.
References
Link | Resource |
---|---|
https://note.zhaoj.in/share/nWYJHrmUqv7i | Broken Link |
https://vuldb.com/?ctiid.250110 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.250110 | Third Party Advisory |
Configurations
History
16 Jan 2024, 19:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://note.zhaoj.in/share/nWYJHrmUqv7i - Broken Link | |
References | () https://vuldb.com/?id.250110 - Third Party Advisory | |
References | () https://vuldb.com/?ctiid.250110 - Permissions Required, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:inis_project:inis:*:*:*:*:*:*:*:* | |
First Time |
Inis Project
Inis Project inis |
09 Jan 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-09 20:15
Updated : 2024-05-17 02:34
NVD link : CVE-2024-0342
Mitre link : CVE-2024-0342
CVE.ORG link : CVE-2024-0342
JSON object : View
Products Affected
inis_project
- inis
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')