Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allow remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12) p8, (13) p9, (14) p10, (15) p11, (16) p12, (17) p13, (18) p14, (19) p15, (20) p16, (21) p17, (22) p18, (23) p19, or (24) p20 parameter to /api/management/updateihmsettings; or the (25) ID, (26) NAME, (27) CPUTHREADNB, (28) RAMCAP, or (29) DISKCAP parameter to /api/capaplan/savetemplates.
No configuration.
29 Apr 2025, 13:52
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | | |
25 Apr 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-89 | |
| CVSS | v2 : ; v3 : | v2 : unknown; v3 : 6.5 |
25 Apr 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Published : 2025-04-25 15:15
Updated : 2025-04-29 13:52
NVD link : CVE-2025-28076
Mitre link : CVE-2025-28076
CVE.ORG link : CVE-2025-28076
No product.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')