What the vulnerability does
01Description
Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.
Explanation of Vulnerability in Simple Terms
GeekyBot versions up to 1.2.0 contain a SQL injection vulnerability in an unspecified component. An attacker on the network can craft malicious input to execute arbitrary SQL queries, potentially reading sensitive data from the database or disrupting service availability. No authentication is required to exploit this flaw.
What an attacker can do
Execute arbitrary SQL queries to read or modify database contents without authentication.
Potential impact on your site
Attackers can extract sensitive data from your database or cause service disruption without needing to log in.
Conditions required to exploit
Network access to the vulnerable GeekyBot instance; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities