A specially-crafted HTTP request can lead to SQL...
High severity
Unreviewed
Published
Dec 23, 2021
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Dec 22, 2021
Published to the GitHub Advisory Database
Dec 23, 2021
Last updated
Jan 27, 2023
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.
References