An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application's backend database server.
References
Link | Resource |
---|---|
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-10-12T00:00:00
Updated: 2023-10-12T22:07:35.638720
Reserved: 2023-08-25T00:00:00
Link: CVE-2023-41262
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-12T23:15:11.190
Modified: 2023-10-16T18:17:04.240
Link: CVE-2023-41262
JSON object: View
Redhat Information
No data.
CWE