A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250124.
References
Link | Resource |
---|---|
https://github.com/laoquanshi/heishou/blob/main/eva%20sql.md | Exploit |
https://vuldb.com/?ctiid.250124 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.250124 | Third Party Advisory |
Configurations
History
16 Jan 2024, 21:09
Type | Values Removed | Values Added |
---|---|---|
References | () https://vuldb.com/?id.250124 - Third Party Advisory | |
References | () https://github.com/laoquanshi/heishou/blob/main/eva%20sql.md - Exploit | |
References | () https://vuldb.com/?ctiid.250124 - Permissions Required, Third Party Advisory | |
CPE | cpe:2.3:a:coderd-repos:eva:1.0.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Coderd-repos
Coderd-repos eva |
10 Jan 2024, 01:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-10 01:15
Updated : 2024-05-17 02:34
NVD link : CVE-2024-0357
Mitre link : CVE-2024-0357
CVE.ORG link : CVE-2024-0357
JSON object : View
Products Affected
coderd-repos
- eva
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')