CVE-2021-31818
MEDIUMOctopus Server 2018.9.17-2018.13.0 - Authenticated SQL Injection in Events REST API
Title source: llmDescription
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://advisories.octopus.com/adv/2021-04---SQL-Injection-in-the-Events-REST-API-%28CVE-2021-31818%29.2013233248.html
Scores
CVSS v3
4.3
EPSS
0.0062
EPSS Percentile
45.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (1)
octopus/server
2018.9.17 - 2018.13.0
Published
Jun 17, 2021
Tracked Since
Feb 18, 2026