admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-35475.md
0xMarcio 2226095616 Update Sun May 26 16:36:09 UTC 2024
2024-05-26 16:36:09 +00:00

791 B
Raw Blame History

CVE-2024-35475

Description

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands.

POC

Reference

No PoCs from references.

Github