Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint
AnalysisAI
SQL injection in databaseir v.1.0.7 via query parameter. PoC available.
Technical ContextAI
CWE-89.
RemediationAI
Update.
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter.
Databasir is a team-oriented relational database model document management platform. Rated critical severity (CVSS 9.8),
Databasir is a team-oriented relational database model document management platform. Rated high severity (CVSS 8.8), thi
Databasir is a team-oriented relational database model document management platform. Rated high severity (CVSS 7.7), thi
Databasir is a database metadata management platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exp
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today