CVE-2024-5523

HIGH

Astrotalks 10/03/2023 - Authenticated SQL Injection via SearchString Parameter

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability could allow an authenticated local user to send a specially crafted SQL query to the 'searchString' parameter and retrieve all information stored in the database.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0037
EPSS Percentile 29.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
codester/astrotalks 2023-10-03
Published May 31, 2024
Tracked Since Feb 18, 2026