Dismissed
Permalink
CVE-2020-37154
7.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): LOW
- Availability impact (A): NONE
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
6 packages
- haskellPackages.selections
- haskellPackages.cardano-coin-selection
- kakounePlugins.kakoune-vertical-selection
- python313Packages.colcon-package-selection
- python314Packages.colcon-package-selection
- vscode-extensions.albymor.increment-selection
- @LeSuisse dismissed
eLection 2.0 - 'id' SQL Injection
eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory.
References
- ExploitDB-48122 exploit
- eLection Project Vendor Homepage product
- Researcher Exploit Disclosure technical-description exploit
- VulnCheck Advisory: eLection 2.0 - 'id' SQL Injection third-party-advisory
- ExploitDB-48122 exploit
- eLection Project Vendor Homepage product
- Researcher Exploit Disclosure technical-description exploit
- VulnCheck Advisory: eLection 2.0 - 'id' SQL Injection third-party-advisory
- VulnCheck Advisory: eLection 2.0 - 'id' SQL Injection third-party-advisory
- ExploitDB-48122 exploit
- eLection Project Vendor Homepage product
- Researcher Exploit Disclosure technical-description exploit
Affected products
eLection
- ==2.0