Cuantis
Monthly
A SQL injection vulnerability exists in Cuantis that allows unauthenticated attackers to execute arbitrary SQL commands through the 'search' parameter in the '/search.php' endpoint. This vulnerability enables complete database compromise including retrieval, creation, modification, and deletion of database contents. A patch is available from the vendor, and exploitation requires only network access to the affected application with no special privileges or user interaction.
A SQL injection vulnerability exists in Cuantis that allows unauthenticated attackers to execute arbitrary SQL commands through the 'search' parameter in the '/search.php' endpoint. This vulnerability enables complete database compromise including retrieval, creation, modification, and deletion of database contents. A patch is available from the vendor, and exploitation requires only network access to the affected application with no special privileges or user interaction.