A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The patch is named b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551.
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
| Link | Tags |
|---|---|
| https://vuldb.com/?id.217551 | third party advisory vdb entry permissions required technical description |
| https://vuldb.com/?ctiid.217551 | signature third party advisory permissions required |
| https://github.com/Seiji42/cub-scout-tracker/commit/b4bc1a328b1f59437db159f9d136d9ed15707e31 | third party advisory patch |