Tarkov Data Manager has Authenticated SQL Injection

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scanner api endpoints that allow an authenticated attacker to execute arbitrary SQL queries against the MySQL database. Commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8 contains a patch.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Tarkov Data Manager SQL注入漏洞

Tarkov Data Manager是The Hideout开源的一个数据库管理工具。 Tarkov Data Manager 9bdb3a75a98a7047b6d70144eb1da1655d6992a8之前版本存在SQL注入漏洞，该漏洞源于webhook编辑和扫描器API端点存在基于时间的盲SQL注入，可能导致执行任意SQL查询。

N/A

N/A