Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Universis Subscribe
Filtered by product Universis-api
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29603 1 Universis 1 Universis-api 2022-05-04 5.5 MEDIUM 8.1 HIGH
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades.