CVE-2023-41262
- Reference to the description:
- Description:
- An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application's backend database server.
- Last updated date:
- 10/16/2023
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/16/2023
- Reference url to background
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md