What the vulnerability does
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy allows SQL Injection. This issue affects Revy: from n/a through <= 2.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Explanation of Vulnerability in Simple Terms
Revy versions 2.1 and earlier contain a SQL injection vulnerability that allows authenticated users to read sensitive database information and disrupt site availability. An attacker with low-level access can craft malicious database queries through the application. The vulnerability affects the entire site scope, potentially exposing user data and other confidential records stored in the database.
What an attacker can do
Read sensitive data from the database and cause service disruption through SQL injection.
Potential impact on your site
User data and other database records may be exposed; site availability may be degraded.
Conditions required to exploit
Attacker must have a low-level user account on the site; no user interaction required.