CVE-2023-33967

Name of the Vulnerable Software and Affected Versions EaseProbe versions prior to 2.1.0

Description The issue is related to an SQL injection problem in EaseProbe when using MySQL/PostgreSQL data checking. This occurs due to a lack of protection measures for the SQL query structure, allowing an attacker to execute arbitrary SQL code. The vulnerability was discovered by the Oxeye research team.

Recommendations For versions prior to 2.1.0, upgrade to version 2.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the MySQL/PostgreSQL data checking functionality until the upgrade is applied.