Description
A high-privileged remote attacker can exploit an unauthenticated SQL injection vulnerability in the _RemoveRequest function, caused by improper neutralization of special elements in a SQL DELETE command, to read the whole database and delete entries in a non-critical table. This can result in a total loss of confidentiality and some loss of integrity.
Problem types
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
0.0.0 (semver)
0.0.0 (semver)
2.20.0
2.20.0
0.0.0 (semver)
0.0.0 (semver)
2.20.0
2.20.0
References
www.certvde.com/en/advisories/VDE-2026-044/