Product
critical
advisory
Daptin SQL Injection Vulnerability via Fuzzy Search
2 rules, 4 TTPs
Daptin versions up to 0.11.4 are vulnerable to SQL injection, where an authenticated user can inject unvalidated column names into raw SQL via the `processFuzzySearch` function, allowing them to read the entire database.
daptin/daptin
sqli
daptin
github
fuzzy-search
high
advisory
Daptin SQL Injection Vulnerability in Aggregate API
2 rules, 1 TTP
A SQL injection vulnerability exists in Daptin versions prior to 0.11.4 within the `/aggregate/:typename` endpoint, where the `column` and `group` query parameters are passed to `goqu.L()` without validation, allowing authenticated users to inject arbitrary SQL expressions and exfiltrate sensitive data.
Daptin
sql-injection
web-application