PT-2020-4730 · Rapid7 · Nexpose

Mikhail Klyuchnikov

·

Published

2020-10-14

·

Updated

2021-07-16

·

CVE-2020-7383

CVSS v2.0

8.5

High

Vector AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose versions prior to 6.6.49
Description: The vulnerability is a SQL injection caused by insufficient protection of the SQL query structure: input supplied by an authenticated user could change the structure of a query instead of being handled purely as data. An authenticated user with a low permission level could exploit it to access resources and make changes that their permissions should not have allowed, i.e. to elevate their privileges.
Recommendations: Update to version 6.6.49 or later, which resolves the issue. Until the update is applied, restrict which accounts are able to authenticate to the Nexpose console, since exploitation requires only a low-privilege authenticated user.
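The phrase "protection of the SQL query structure" is the practical point of this advisory: the difference between user input reaching a query as a bound value and reaching it as part of the SQL text. The following is an added illustration, not Nexpose's code and not derived from the fixed version; the table, the rows, the function names and the allowlist of sortable columns are all constructed for the example. It shows a multi-tenant lookup in which a low-privilege user escapes their own row scope by rewriting the WHERE clause, and the hardened form that binds values as parameters and allowlists the one identifier (the ORDER BY column) that cannot be bound.

```python
import sqlite3

# Constructed sample data (not from the advisory): an asset table in which
# each row should be visible only to the console user that owns it.
ROWS = [
    (1, 1, "dc01", "10.0.0.5"),
    (2, 1, "fileserver", "10.0.0.9"),
    (3, 2, "contractor-laptop", "10.0.5.17"),
]

# Assumption for the example: these are the only columns a user may sort by.
ALLOWED_SORT_COLUMNS = {"name", "ip"}


def make_db() -> sqlite3.Connection:
    """Build an in-memory database populated with the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE assets (id INTEGER, owner_id INTEGER, name TEXT, ip TEXT)"
    )
    db.executemany("INSERT INTO assets VALUES (?, ?, ?, ?)", ROWS)
    return db


def search_assets_vulnerable(db, owner_id: int, name_filter: str, sort_col: str):
    """Hypothetical vulnerable pattern: user-controlled strings are pasted
    into the SQL text, so they can rewrite the WHERE and ORDER BY clauses."""
    sql = (
        "SELECT id, owner_id, name, ip FROM assets "
        f"WHERE owner_id = {owner_id} AND name LIKE '%{name_filter}%' "
        f"ORDER BY {sort_col}"
    )
    return db.execute(sql).fetchall()


def sort_column_allowed(sort_col: str) -> bool:
    """Identifiers cannot be bound as parameters, so they are allowlisted."""
    return sort_col in ALLOWED_SORT_COLUMNS


def search_assets_fixed(db, owner_id: int, name_filter: str, sort_col: str):
    """Hardened form: values travel as bound parameters and never touch the
    query structure; the ORDER BY column is checked against the allowlist
    before it is interpolated."""
    if not sort_column_allowed(sort_col):
        raise ValueError(f"unsupported sort column: {sort_col!r}")
    sql = (
        "SELECT id, owner_id, name, ip FROM assets "
        "WHERE owner_id = ? AND name LIKE ? "
        f"ORDER BY {sort_col}"
    )
    return db.execute(sql, (owner_id, f"%{name_filter}%")).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A low-privilege user (owner_id 2) supplies a filter that closes the
    # string literal, ORs in a true condition and comments out the rest.
    payload = "' OR 1=1 -- "
    print("vulnerable:", search_assets_vulnerable(db, 2, payload, "name"))
    print("fixed:     ", search_assets_fixed(db, 2, payload, "name"))
```

In the vulnerable function the payload turns the WHERE clause into `owner_id = 2 AND name LIKE '%' OR 1=1`, so user 2 receives every tenant's rows; the hardened function binds the same string as a LIKE pattern, matches nothing, and rejects a sort column such as `name; DROP TABLE assets` before it reaches the query. The general rule the example illustrates is that parameter binding protects values, while identifiers and keywords that must be interpolated need an allowlist.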

Fix

Weakness Enumeration

SQL injection

Related Identifiers

BDU:2020-05282
CVE-2020-7383

Affected Products

Nexpose