Lucene search
K

4 matches found

NVD
NVD
added 2023/11/10 6:15 p.m.49 views

CVE-2023-47128

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...

9.1CVSS0.00776EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2023/11/10 6:15 p.m.4 views

casper7-plugin-meatball-day (>=0.1.0 <=0.4.2), piccolo-admin (>=0.3.1 <=0.4.0) +4 more potentially affected by CVE-2023-47128 via piccolo (>=0.74.4 <=0.96.0)

piccolo PYPI version =0.74.4, =0.1.0, =0.3.1, =0.2.0, =0.3.8, =0.0.22, =0.1.0, =0.1.6 Source cves: CVE-2023-47128 Source advisory: OSV:PYSEC-2023-241...

9.1CVSS7.7AI score0.00776EPSS
Exploits1
CVE
CVE
added 2023/11/10 6:11 p.m.61 views

CVE-2023-47128

Piccolo ORM (Python) before 1.1.1 is vulnerable to SQL injection via named transaction savepoints. The root cause is building and executing SAVEPOINT commands with user-supplied input using f-strings, which can lead to arbitrary read/modify operations and even server compromise per the descriptio...

9.1CVSS9.6AI score0.00776EPSS
Exploits1References2Affected Software1
Circl
Circl
added 2023/11/10 5:36 p.m.9 views

CVE-2023-47128

creationtimestamp| type| source ---|---|--- 2023-11-10 17:36:32+00:00| published-proof-of-concept| https://github.com/piccolo-orm/piccolo/security/advisories/GHSA-xq59-7jf3-rjc6...

9.1CVSS7.3AI score0.00776EPSS
Exploits1References1
Rows per page
Query Builder