3 matches found
Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution
Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. "These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements," SonarSource researcher Thomas...
CVE-2023-28424
creationtimestamp | type | source
---|---|---
2023-03-20 16:54:01+00:00 | seen | https://t.me/cibsecurity/60309
2023-06-28 15:51:20+00:00 | seen | Telegram/YPSFRJaXJu22SzL-lnmgNittGl2SN26SC5hMmH64EzvAW7E
2023-07-08 12:47:01+00:00 | seen | https://t.me/CyberSecurityTechnologies/8632
2023-07-11...
CVE-2023-28424 Soko SQL Injection vulnerability
Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQ...