EasyVirt DCScope and CO2Scope SQL Injection Vulnerability

Vulnerability

Multiple SQL injection vulnerabilities have been identified in EasyVirt DCScope versions through 8.6.0 and CO2Scope versions through 1.3.0. These vulnerabilities allow remote authenticated attackers to execute arbitrary SQL commands by exploiting various parameters in specific API endpoints.

Impact

Exploitation of these vulnerabilities allows for arbitrary SQL command execution, which could lead to unauthorized data access or manipulation within the application's database.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

EasyVirt DCScope and CO2Scope SQL Injection Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating