Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.

Related CVEs

CVE-2021-35234

Key Information

GHSA ID

GHSA-pw8x-9www-h93w

Published

December 21, 2021 12:00 AM

Last Modified

September 16, 2024 9:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: October 5, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.