Lucene search
K

5 matches found

SUSE CVE
SUSE CVE
added 2025/02/11 3:47 a.m.3 views

SUSE CVE-2025-24787

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

7.5CVSS7.1AI score0.00543EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/08 7:21 p.m.6 views

CVE-2025-24787

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

8.6CVSS6.7AI score0.00543EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/06 6:41 p.m.20 views

CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

8.6CVSS0.00543EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/06 6:41 p.m.14 views

CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

8.6CVSS8.5AI score0.00543EPSS
Exploits0References2
CVE
CVE
added 2025/02/06 6:41 p.m.79 views

CVE-2025-24787

CVE-2025-24787 affects WhoDB, where unsafe construction of database connection URIs (string concatenation) can inject parameters into the URI. Attackers can leverage the go-sql-driver/mysql parameter allowAllFiles to trigger LOAD DATA LOCAL INFILE, enabling local-file disclosure on the host runni...

8.6CVSS8.5AI score0.00543EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder