Rhapsode

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-67811 MEDIUM This Month

Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. [CVSS 6.5 MEDIUM]

SQLi Rhapsode

NVD

CVSS 3.1

6.5

EPSS

0.0%

CVE-2025-67810 MEDIUM This Month

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure Rhapsode

NVD

CVSS 3.1

6.5

EPSS

0.0%

CVE-2025-67811

EPSS 0% CVSS 6.5

MEDIUM This Month

Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. [CVSS 6.5 MEDIUM]

SQLi Rhapsode

NVD

CVE-2025-67810

EPSS 0% CVSS 6.5

MEDIUM This Month

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure Rhapsode

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy