CVE-2025-46546

LOW Year: 2025
CVSS v3 Score
3.5
Low
Weakness Type
CWE-89
View all →

Vulnerability Description

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/.

Related Vulnerabilities

CVE-2024-50823

LOW
CVSS:3.5(Low)

A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.

CWE-892024

CVE-2024-50824

LOW
CVSS:3.5(Low)

A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.

CWE-892024

CVE-2024-50825

LOW
CVSS:3.5(Low)

A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.

CWE-892024

CVE-2024-50826

LOW
CVSS:3.5(Low)

A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.

CWE-892024

CVE-2024-50827

LOW
CVSS:3.5(Low)

A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.

CWE-892024

CVE-2024-50828

LOW
CVSS:3.5(Low)

A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.

CWE-892024