Vulnerabilities > CVE-2023-31847 - Unspecified vulnerability in Davinci Project Davinci 0.3.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

davinci-project

NVD

Published: 2023-05-17

Updated: 2023-05-25

Summary

In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.

Vulnerable Configurations

Part	Description	Count
Application	Davinci_Project Davinci Project Davinci 0.3.0	1

References

https://github.com/edp963/davinci/issues/2326