The vulnerability exists due to insufficient validation of user-supplied input within IPV6/IPV4 embedding. The disclosed vulnerability allows a remote attacker to perform SSRF attacks. Is there known malware, which exploits this vulnerability?ĬWE-ID: CWE-918 - Server-Side Request Forgery (SSRF) Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
The vulnerability exists due to insufficient sanitization of user-supplied data in user table. The vulnerability allows a remote attacker to execute arbitrary SQL queries in database. CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
0 kommentar(er)
