CVE-2021-23404

Summary

This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack.

Affected Software

VendorProductVersion RangeStatus
n/asqlite-web0 < unspecifiedaffected

Weaknesses

  • Cross-site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References