Description
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint.
References (2)
Core References
Patch
https://github.com/cerebrate-project/cerebrate/commit/5f1c99cd534442ec40c2129769608e3e61ff8be3
Third Party Advisory
https://zigrin.com/advisories/cerebrate-blind-sql-injection/
Scores
CVSS v3
9.8
EPSS
0.0025
EPSS Percentile
48.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
cerebrate-project/cerebrate
1.13
Published
Mar 27, 2023
Tracked Since
Feb 18, 2026