Davinci Project: Security Vulnerabilities
In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-17
davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-17
Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-27