Headline
GHSA-j6cv-98jx-mrwr: Mocodo vulnerable to SQL injection in `/web/generate.php`
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case
input field in /web/generate.php
, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.
Mocodo vulnerable to SQL injection in `/web/generate.php`
Critical severity GitHub Reviewed Published May 28, 2024 to the GitHub Advisory Database • Updated May 28, 2024