Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the “ANY” and “OR” operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.

Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku

Kaynak: National Vulnerability Database