Description
The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.
CVE vulnerabilities with CWE-566 (8)
9.8
CVSS
CRITICAL
CVE-2025-9953
pub. 2026-02-19
9.1
CVSS
CRITICAL
CVE-2014-0808
pub. 2014-01-22
7.1
CVSS
HIGH
CVE-2025-61781
pub. 2026-01-05
6.5
CVSS
MEDIUM
CVE-2026-21886
pub. 2026-03-17
3.8
CVSS
LOW
CVE-2025-56556
pub. 2025-09-11
2.7
CVSS
LOW
CVE-2025-30368
pub. 2025-03-31
2.7
CVSS
LOW
CVE-2025-30369
pub. 2025-03-31
2.7
CVSS
LOW
CVE-2024-22261
pub. 2024-06-11