{"id":"CVE-2023-24221","details":"LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml.","modified":"2026-04-10T04:56:02.155740Z","published":"2023-02-17T07:15:12.160Z","references":[{"type":"REPORT","url":"https://github.com/seagull1985/LuckyFrameWeb/issues/23"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/seagull1985/luckyframeweb","events":[{"introduced":"0"},{"last_affected":"4ff3b8de240876848e4888d6c2203cceb6cea819"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.5"}]}}],"versions":["V2.4_Beta","V2.4_releases","V2.5_Beta","V2.6","V2.6_Beta","V2.7.1","V2.7_Beta","V3.0","V3.1.1","V3.1_Beta","V3.2.1","V3.2_Beta","V3.3_Beta","V3.4","V3.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24221.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}