Skip to main content

Davinci

3 CVEs product

Monthly

CVE-2023-31847 MEDIUM POC This Month

In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Davinci
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-31848 HIGH This Week

davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Davinci
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-24206 CRITICAL POC Act Now

Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Davinci
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Davinci
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Davinci
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Davinci
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy