CVE-2023-27742
Description
IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.
Vulnerability Type
SQL Injection
Vendor of Product
IDURAR ERP/CRM v1
Affected Product Code Base
https://github.com/idurar/erp-crm - version 1
Attack Type
Remote
Impact Escalation of Privileges
true
Attack Vectors
Use the expression {"$ne":null} as the value of the email key in the /api/login request
Discoverer
Soummya Mukhopadhyay @G37SYS73M
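
The Attack Vectors entry above, illustrated as an added example (not IDURAR's code and not part of the original advisory): `$ne` is MongoDB's "not equal" query operator, so a JSON object in the email field changes the query's meaning when it reaches the filter unchanged. The in-memory `findOne`, the sample users and both lookup functions are constructed for this sketch, and it assumes the handler builds its filter directly from the parsed request body.

```javascript
// Added illustration, not IDURAR source. Assumes the login handler builds a
// MongoDB-style filter directly from the parsed JSON body of /api/login.

// Constructed sample users standing in for the users collection.
const USERS = [
  { email: 'admin@example.test', role: 'admin' },
  { email: 'staff@example.test', role: 'staff' },
];

// Simplified stand-in for MongoDB matching: equality and $ne only.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === 'object') {
      const ops = Object.keys(cond);
      if (ops.length === 1 && ops[0] === '$ne') return doc[field] !== cond.$ne;
      throw new Error('operator not modelled in this example');
    }
    return doc[field] === cond;
  });
}

function findOne(filter) {
  return USERS.find((doc) => matches(doc, filter)) || null;
}

// Vulnerable pattern: whatever type the client sent becomes the filter value.
function lookupUnsafe(body) {
  return { status: 200, user: findOne({ email: body.email }) };
}

// Hardened pattern: reject anything that is not a plain, bounded string
// before it can reach the query layer.
function lookupSafe(body) {
  const email = body ? body.email : undefined;
  if (typeof email !== 'string' || email.length === 0 || email.length > 254) {
    return { status: 400, user: null };
  }
  return { status: 200, user: findOne({ email }) };
}

// Constructed request body carrying the expression from the advisory.
const operatorBody = JSON.parse('{"email":{"$ne":null}}');
console.log('unsafe:', lookupUnsafe(operatorBody)); // matches the first user
console.log('safe:  ', lookupSafe(operatorBody));   // rejected with 400
```

The same type check belongs on every field that is copied from the request into a query filter, not only on email.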