Easyreport
Monthly
SQL injection in xianrendzw EasyReport up to version 2.0.17.0522_Beta exposes authenticated remote attackers a path to query manipulation via the `reportParams` argument in the REST Endpoint's `execute` function. The CVSS 4.0 score of 5.3 reflects a low-privilege authenticated requirement with partial impact across confidentiality, integrity, and availability - meaning data exfiltration, record tampering, and limited availability disruption are all within scope. No public exploit has been confirmed and no vendor patch exists, as the vendor did not respond to coordinated disclosure; EPSS at 0.03% (8th percentile) corroborates low current exploitation interest.
SQL injection in xianrendzw EasyReport up to version 2.0.17.0522_Beta exposes authenticated remote attackers a path to query manipulation via the `reportParams` argument in the REST Endpoint's `execute` function. The CVSS 4.0 score of 5.3 reflects a low-privilege authenticated requirement with partial impact across confidentiality, integrity, and availability - meaning data exfiltration, record tampering, and limited availability disruption are all within scope. No public exploit has been confirmed and no vendor patch exists, as the vendor did not respond to coordinated disclosure; EPSS at 0.03% (8th percentile) corroborates low current exploitation interest.