PT-2024-14507 · Unknown · Streampark-Console

Thiscodecc · Published 2024-07-16 · Updated 2025-07-10 · CVE-2023-52290

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: streampark-console versions prior to 2.1.4

Description: The issue arises from the lack of validation of the sort field sent from the front-end to the back-end, which is used to generate SQL queries. This poses a risk of SQL injection, potentially leading to data leakage. An attacker must first successfully log into the system to exploit this issue. The impact is considered low since no data can be written through this vulnerability.

Recommendations: For versions prior to 2.1.4, upgrade to version 2.1.4 to block such parameters and mitigate the risk.
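
An added example, not code from StreamPark or from this advisory: the unvalidated sort-field pattern the description refers to, beside an allowlist version, sketched in Python with sqlite3 standing in for the back-end. The table, column names, function names and sample rows are constructed for illustration.

```python
import sqlite3

# Hypothetical mapping: front-end sort key -> fixed column name / direction.
ALLOWED_SORT = {"name": "name", "createTime": "create_time"}
ALLOWED_ORDER = {"asc": "ASC", "desc": "DESC"}


def make_db():
    # Constructed sample table and rows.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE app (id INTEGER PRIMARY KEY, name TEXT, create_time INTEGER)")
    db.executemany("INSERT INTO app (name, create_time) VALUES (?, ?)",
                   [("beta", 30), ("alpha", 10), ("gamma", 20)])
    return db


def order_clause_unsafe(sort_field, sort_order):
    # Vulnerable pattern: request values become part of the SQL text as-is.
    return f"ORDER BY {sort_field} {sort_order}"


def order_clause_safe(sort_field, sort_order):
    # Column names cannot be passed as bind parameters, so the request value
    # only selects one of a fixed set of strings; anything else is rejected.
    try:
        column = ALLOWED_SORT[sort_field]
        direction = ALLOWED_ORDER[sort_order.lower()]
    except (KeyError, TypeError, AttributeError):
        raise ValueError("unsupported sort parameter") from None
    return f"ORDER BY {column} {direction}"


def list_names(db, sort_field, sort_order="asc"):
    sql = "SELECT name FROM app " + order_clause_safe(sort_field, sort_order)
    return [row[0] for row in db.execute(sql)]


def is_rejected(sort_field, sort_order="asc"):
    try:
        order_clause_safe(sort_field, sort_order)
    except ValueError:
        return True
    return False
```

Rejected requests are worth logging with the authenticated user, since the description notes that the issue is reachable only after login.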

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-52290

Affected Products

Streampark-Console