CVE

CVE-2024-25168

Date: (C)2024-03-23   (M)2024-03-25

SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.

Reference:

https://github.com/biantaibao/snow_SQL/blob/main/report.md