Vulnerabilities > Davinci Project

DATE CVE VULNERABILITY TITLE RISK
2023-05-17 CVE-2023-31847 Unspecified vulnerability in Davinci Project Davinci 0.3.0
In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.
network
low complexity
davinci-project
6.5
2023-05-17 CVE-2023-31848 Server-Side Request Forgery (SSRF) vulnerability in Davinci Project Davinci 0.3.0
davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).
network
low complexity
davinci-project CWE-918
8.8
2023-02-27 CVE-2023-24206 SQL Injection vulnerability in Davinci Project Davinci 0.3.0
Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.
network
low complexity
davinci-project CWE-89
critical
9.8