← voltar
CVE-2022-24124

CVE-2022-24124

EPSS 58.9%
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
Produtos afetados
n/a · n/a
PoCs públicas encontradas5
githubgithub.com/ColdFusionX/CVE-2022-241248githubgithub.com/b1gdog/CVE-2022-241242githubgithub.com/abbarhissarh/CVE-2022-241241exploitdbwww.exploit-db.com/exploits/50792não verificadocve_referencepacketstormsecurity.com/files/166163/Casdoor-1.13.0-SQL-Injection.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/166163/Casdoor-1.13.0-SQL-Injection.htmlhttps://github.com/casdoor/casdoor/compare/v1.13.0...v1.13.1https://github.com/casdoor/casdoor/issues/439https://github.com/casdoor/casdoor/pull/442