Lucene search
GitHub Advisory DatabaseGHSA-8FXG-MR34-JQR8HistoryMay 13, 2024 - 4:46 p.m.
NocoDB SQL Injection vulnerability
2024-05-1316:46:59
CWE-89
GitHub Advisory Database
github.com
4
sql injection
mysql
data leakage
vitessclient
Summary
An authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped table_name.
Details
SQL Injection vulnerability occurs in VitessClient.ts.
async columnList(args: any = {}) {
const func = this.columnList.name;
const result = new Result();
log.api(`${func}:args:`, args);
try {
args.databaseName = this.connectionConfig.connection.database;
const response = await this.sqlClient.raw(
`select *, table_name as tn from information_schema.columns where table_name = '${args.tn}' ORDER by ordinal_position`,
);
The variable ${args.tn} refers to the table name entered by the user.
A malicious attacker can escape the existing query by including a special character (') in the table name and insert and execute a new arbitrary SQL query.
Impact
This vulnerability may result in leakage of sensitive data in the database.
Related
veracode
veracode
SQL Injection
2024-05-14 06:32:30
cve
cve
CVE-2023-50718
2024-05-14 14:17:02
osv
osv
NocoDB SQL Injection vulnerability
2024-05-13 16:46:59
cvelist
cvelist
CVE-2023-50718 NocoDB SQL Injection vulnerability
2024-05-13 16:08:09