Submit #475747: cy-fast 1.0 SQL Injectioninfo

Titlecy-fast 1.0 SQL Injection
DescriptionThe current version of cy-fast has an SQL injection vulnerability that allows attackers to execute SQL statements. Due to the lack of comprehensive filtering of SQL statements, users can concatenate and execute unfiltered SQL functions. The issue lies in the route `/commpara/listData`.
Source⚠️ https://github.com/d3do-23/cvelist/blob/main/cy-fast/sqli3.md
User
 d3do (UID 79609)
Submission01/07/2025 03:36 AM (1 month ago)
Moderation01/08/2025 09:34 PM (2 days later)
StatusAccepted
VulDB Entry290857 [leiyuxi cy-fast 1.0 /commpara/listData order sql injection]
Points17

Do you need the next level of professionalism?

Upgrade your account now!