Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas.
References
Link | Resource |
---|---|
https://gist.github.com/Raybye/4b377eb06b5f9c324f090d39a0d25c2b | Third Party Advisory |
https://github.com/Raybye/alldata-bug/blob/main/alldata.md | Broken Link |
https://gist.github.com/Raybye/4b377eb06b5f9c324f090d39a0d25c2b | Third Party Advisory |
https://github.com/Raybye/alldata-bug/blob/main/alldata.md | Broken Link |
Configurations
History
30 Apr 2025, 16:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://gist.github.com/Raybye/4b377eb06b5f9c324f090d39a0d25c2b - Third Party Advisory | |
References | () https://github.com/Raybye/alldata-bug/blob/main/alldata.md - Broken Link | |
CPE | cpe:2.3:a:alldata:alldata:0.4.6:*:*:*:*:*:*:* | |
First Time |
Alldata alldata
Alldata |
Information
Published : 2024-04-02 21:15
Updated : 2025-04-30 16:47
NVD link : CVE-2024-29432
Mitre link : CVE-2024-29432
CVE.ORG link : CVE-2024-29432
JSON object : View
Products Affected
alldata
- alldata
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')