CNNVD-202508-3227 Information

CNNVD ID

CNNVD-202508-3227

Related CVE

CVE-2025-50984

• CNNVD Published: 2025-08-27

Description (Chinese)

Diskover-web是美国Diskover公司的一款文件系统索引工具。 Diskover-web v2.3.0版本存在安全漏洞，该漏洞源于Elasticsearch配置表单中多个POST参数清理不当，可能导致SQL注入攻击。

Description (English)

Diskover-web is a filesystem indexing tool for Diskover in the United States. There is a security loophole in version Diskover-web v.2.3.0, which stems from the inadequate clean-up of multiple POST parameters in Elasticsearch configuration forms, which could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Diskover

Published

2025-08-27

Last Modified

2026-02-24

References

https://github.com/4rdr/proofs/blob/main/info/diskover-web-v2.3.0-community-edition-sqli.md https://nvd.nist.gov/vuln/detail/CVE-2025-50984