CVE-2021-31818

MEDIUM

Octopus Server 2018.9.17-2018.13.0 - Authenticated SQL Injection in Events REST API

Title source: llm
STIX 2.1

Description

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.

Scores

CVSS v3 4.3
EPSS 0.0062
EPSS Percentile 45.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
octopus/server 2018.9.17 - 2018.13.0
Published Jun 17, 2021
Tracked Since Feb 18, 2026