Site icon API Security Blog

CVE-2023-4567

A blind SQL injection flaw was found in tower API. This issue may allow an attacker to craft a malicious SQL query into the SOCIAL_AUTH_GITHUB_KEY parameter in the /api/v2/settings/all/ endpoint and completely compromise the backend tower SQL database.Read More

Exit mobile version