Tag

Fuzzy-Search

1 brief RSS

Daptin SQL Injection Vulnerability via Fuzzy Search

Daptin versions up to 0.11.4 are vulnerable to SQL injection, where an authenticated user can inject unvalidated column names into raw SQL via the `processFuzzySearch` function, allowing them to read the entire database.

daptin/daptin sqli daptin github fuzzy-search

2r 4t 1h ago