CVE-2025-50984

{"id": "CVE-2025-50984", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-08-27T16:15:36.053", "references": [{"url": "https://github.com/4rdr/proofs/blob/main/info/diskover-web-v2.3.0-community-edition-sqli.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ES_PASS, ES_MAXSIZE, ES_TRANSLOGSIZE, ES_TIMEOUT, ES_USER, ES_HOST, ES_PORT, ES_SCROLLSIZE, ES_CHUNKSIZE and others can be crafted to inject arbitrary SQLite expressions wrapped in JSON functions. By exploiting these injection points, an attacker can infer or extract sensitive information from the underlying database without authentication. This issue stems from improper input validation and parameterization in the application's JSON-based query construction."}, {"lang": "es", "value": "diskover-web v2.3.0 Community Edition es vulnerable a m\u00faltiples fallos de inyecci\u00f3n SQL ciega basados en booleanos en su formulario de configuraci\u00f3n de Elasticsearch. Entradas de usuario sin depurar en par\u00e1metros POST como ES_PASS, ES_MAXSIZE, ES_TRANSLOGSIZE, ES_TIMEOUT, ES_USER, ES_HOST, ES_PORT, ES_SCROLLSIZE, ES_CHUNKSIZE y otros pueden manipularse para inyectar expresiones SQLite arbitrarias envueltas en funciones JSON. Al explotar estos puntos de inyecci\u00f3n, un atacante puede inferir o extraer informaci\u00f3n confidencial de la base de datos subyacente sin autenticaci\u00f3n. Este problema se debe a una validaci\u00f3n y parametrizaci\u00f3n incorrectas de las entradas en la construcci\u00f3n de consultas basadas en JSON de la aplicaci\u00f3n."}], "lastModified": "2025-09-09T18:46:38.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:diskoverdata:diskover:2.3.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "1C1C6558-A8F2-4821-B926-239A1F4FB03A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}