CVE-2025-50984

MEDIUM

5.3

Descricao

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ES_PASS, ES_MAXSIZE, ES_TRANSLOGSIZE, ES_TIMEOUT, ES_USER, ES_HOST, ES_PORT, ES_SCROLLSIZE, ES_CHUNKSIZE and others can be crafted to inject arbitrary SQLite expressions wrapped in JSON functions. By exploiting these injection points, an attacker can infer or extract sensitive information from the underlying database without authentication. This issue stems from improper input validation and parameterization in the application's JSON-based query construction.

Detalhes CVE

Pontuacao CVSS v3.15.3

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado8/27/2025

Ultima modificacao9/9/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

diskoverdata:diskover

Fraquezas (CWE)

CWE-89

Referencias

https://github.com/4rdr/proofs/blob/main/info/diskover-web-v2.3.0-community-edition-sqli.md(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.