CVE-2019-7548

2019-02-0600:00:00

attackerkb.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

Recent assessments:

kevthehermit at April 23, 2020 8:30pm UTC reported:

SQLAlchemy is one of the most popular ORMs for Python / SQL Database interaction. It is heavily used in python web applications with frameworks like Flask and Django.

ORMS are heavily used as they prevent the need for raw queries, which also adds input sanitization as part of its process.

This specific exploit would allow SQL Injection if an attacker can control the input sent to group_by as this field was not being filtered. This could resutl in full DB compromise including the compromise of credentials.

Whilst the use of SQLAlchemy is fairly common the specific requirements around the version and the group_by parameter being accessible to an end-user may not be as common.

Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 2