A specially-crafted HTTP request can lead to SQL...
High severity
Unreviewed
Published
Dec 23, 2021
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Dec 22, 2021
Published to the GitHub Advisory Database
Dec 23, 2021
Last updated
Jan 27, 2023
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account or through cross-site request forgery.
References