Affected web application endpoints with unauthenticated access
Summary
This vulnerability allows an unauthenticated remote attacker to execute malicious SQL commands due to improper input sanitization in the setinfo endpoint. Attackers can modify SQL UPDATE commands to alter data, resulting in a total loss of data integrity and service availability. No known active exploitation of this vulnerability has been documented publicly.
Remediation
Implement proper input sanitization and parameterized queries for the affected setinfo endpoint immediately. Deploy web application firewall rules to block malicious input patterns that indicate SQL injection attempts. Restrict unauthenticated access to the affected endpoint if it is not required for public use.
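As an added illustration, not code from the advisory or from the affected product, here is a minimal setinfo handler in the vulnerable shape the summary describes (request input spliced into an UPDATE) beside a hardened version that applies the first and third remediation points; the table, column names, session dictionary and the constructed test payload are assumptions for the demo.

```python
import sqlite3

# Constructed demo schema and rows (assumption: the real setinfo table is unknown).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO devices (name) VALUES (?)",
                     [("cam-1",), ("cam-2",), ("cam-3",)])
    conn.commit()
    return conn

def device_names(conn):
    return [row[0] for row in conn.execute("SELECT name FROM devices ORDER BY id")]

def setinfo_vulnerable(conn, device_id, name):
    # Request input is spliced straight into the UPDATE; a quote in `name`
    # lets the caller rewrite the WHERE clause, so one request can touch every row.
    sql = f"UPDATE devices SET name = '{name}' WHERE id = {device_id}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount  # number of rows actually modified

def setinfo_hardened(conn, session, device_id, name):
    # 1. Require an authenticated session (assumed dict shape for the demo).
    if not session.get("authenticated"):
        raise PermissionError("setinfo requires authentication")
    # 2. Validate input shape before it reaches the database.
    if not isinstance(device_id, int) or device_id <= 0:
        raise ValueError("device_id must be a positive integer")
    if not (0 < len(name) <= 64):
        raise ValueError("name must be 1-64 characters")
    # 3. Bind values as parameters: the driver sends them as data, never as SQL.
    cur = conn.execute("UPDATE devices SET name = ? WHERE id = ?", (name, device_id))
    conn.commit()
    return cur.rowcount

if __name__ == "__main__":
    payload = "x' WHERE 1=1 --"   # constructed input that rewrites the WHERE clause
    conn = make_db()
    print("vulnerable rows changed:", setinfo_vulnerable(conn, 1, payload))   # 3
    conn = make_db()
    print("hardened rows changed:",
          setinfo_hardened(conn, {"authenticated": True}, 1, payload))        # 1
```

The rowcount difference (every row versus the one addressed by id) is the check worth keeping as a regression test once the parameterized version ships.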