CVE-2024-25168 Information

Description

SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.

Reference

https://github.com/biantaibao/snow_SQL/blob/main/report.md