G37SYS73M / CVE-2023-27742

IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.

CVE-2023-27742

Description

IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.


Vulnerability Type

SQL Injection


Vendor of Product

IDURAR ERP/CRM v1


Affected Product Code Base

https://github.com/idurar/erp-crm - version 1


Attack Type

Remote


Impact Escalation of Privileges

true


Attack Vectors

Use the expression {"$ne":null} as the value of the email key/value pair in the /api/login request
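The following is an added example, not code from the IDURAR project or from the discoverer. `$ne` is a MongoDB query operator, so the example assumes the login handler places the parsed JSON `email` value directly into a query filter; it shows that unsafe lookup beside a hardened one that accepts only strings. All function names, the in-memory `USERS` store and the simplified `matches` helper are hypothetical and constructed for illustration.

```javascript
// Added example: constructed data and hypothetical names, not IDURAR's own code.

// Constructed stand-in for the users collection.
const USERS = [{ email: "admin@example.test", passwordHash: "constructed-hash" }];

// Simplified stand-in for MongoDB filter matching: plain equality and $ne only.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    const value = doc[field] ?? null; // a missing field is treated as null
    if (cond !== null && typeof cond === "object") {
      // An object in the filter is interpreted as an operator expression.
      return "$ne" in cond ? value !== cond.$ne : false;
    }
    return value === cond;
  });
}

// Unsafe pattern (assumed): the parsed JSON value goes straight into the filter,
// so an object such as {"$ne": null} becomes an operator instead of a literal.
function findUserUnsafe(body) {
  return USERS.find((u) => matches(u, { email: body.email })) || null;
}

// Hardened: the body must be a JSON object whose credentials are primitive strings.
function validateLoginBody(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    throw new TypeError("body must be a JSON object");
  }
  for (const field of ["email", "password"]) {
    const v = body[field];
    if (typeof v !== "string" || v.length === 0 || v.length > 254) {
      throw new TypeError(`${field} must be a non-empty string`);
    }
  }
  return { email: body.email.trim().toLowerCase(), password: body.password };
}

// Only the validated string ever reaches the filter.
function findUserSafe(body) {
  const { email } = validateLoginBody(body);
  return USERS.find((u) => matches(u, { email })) || null;
}
```

Returning HTTP 400 when `validateLoginBody` throws keeps operator objects out of the query layer regardless of which field they arrive in.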


Discoverer

Soummya Mukhopadhyay @G37SYS73M
