The currentItem property is not filtered/validated by Appsmith before being sent to the server, which allows remote attackers to inject arbitrary JavaScript via a crafted request. The current item number can be inspected on the server to discover client-specific information, such as the logged-in user’s session ID or other data that can be used for client-side DoS or information leakage attacks.


Server-side request forgery in Appsmith through 1.7.14 allows remote attackers to execute arbitrary SQL queries against the server via a crafted request.

Server-side request forgery in Appsmith through 1.7.14 allows remote attackers to execute arbitrary SQL queries against the server via a crafted request.


Server-side request forgery in Appsmith through 1.7.14 allows remote attackers to execute arbitrary SQL queries against the server via a crafted request.


Server-side request forgery in Appsmith through 1.7.14 allows remote attackers to execute arbitrary SQL queries against the server via a crafted request.


Server-side request forgery in Appsmith through 1.7.14 allows remote attackers to execute arbitrary SQL queries against the server via a crafted request.


Server-side request forgery in Appsmith through 1.7.14 allows remote attackers to execute arbitrary SQL queries against the server via a crafted request.


Server-side request forgery in Appsmith through 1.7.14 allows remote attackers to execute

Testing Scenario

The current item number can be inspected on the server to discover client-specific information, such as the logged-in user’s session ID or other data that can be used for client-side DoS or information leakage attacks.

Server-side request forgery in Appsmith through 1.7.14 allows remote attackers to execute arbitrary SQL queries against the server via a crafted request.

Timeline

Published on: 09/05/2022 03:15:00 UTC
Last modified on: 09/09/2022 16:47:00 UTC

References