SQL Injection Vulnerability in ThinkJS 3.2.10 Model Increment and Decrement Functions

SQL Injection Vulnerability in ThinkJS 3.2.10 Model Increment and Decrement Functions

CVE-2020-21176 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.

Learn more about our Web Application Penetration Testing UK.