admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Clarify auth on CVE-2022-0757 (#52)

Browse Source 
* Clarify auth on CVE-2022-0757

* an to a
This commit is contained in:
Tod Beardsley 2022-04-04 09:31:33 -05:00 committed by GitHub
parent 2fbd6da9f7
commit 927c0b660d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2022/0xxx/CVE-2022-0757.json
View File

@ -60,7 +60,7 @@
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the \"ANY\" and \"OR\" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129."
"value": "Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the \"ANY\" and \"OR\" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129."
}
]
},