1Kas
CVE-2024-7456 | lunary-ai lunary up to 1.4.2 /api/v1/external-users orderByClause sql injection
A vulnerability classified as critical has been found in lunary-ai lunary up to 1.4.2. This affects an unknown part of the file /api/v1/external-users. The manipulation of the argument orderByClause leads to sql injection. This vulnerability is uniquely identified as CVE-2024-7456. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.