CVE-2024-25168

Name of the Vulnerable Software and Affected Versions snow snow version 2.0.0

Description A SQL injection issue allows a remote attacker to execute arbitrary code via the dataScope parameter of the "system/role/list" interface. This enables the attacker to potentially access and manipulate sensitive data.

Recommendations For snow snow version 2.0.0, consider disabling access to the "system/role/list" interface until a patch is available. As a temporary workaround, restrict the use of the dataScope parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.