CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-2681

An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 75.4%

CVSS Severity

CVSS v3 Score 8.8

References

https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection
https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection

Products affected by CVE-2023-2681

Jorani » Jorani » Version: 1.0.0

cpe:2.3:a:jorani:jorani:1.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2681

Products

Pricing

Contact Us