CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Universis: >> Universis-Api Security Vulnerabilities

CVE-2022-29603

A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades.

CVSS Score

8.1

EPSS Score

0.002

Published

2022-04-25

Page 1

Vulnerabilities

Vulnerable Software

Universis: >> Universis-Api Security Vulnerabilities

Products

Pricing

Contact Us