427 matches found
GHSA-QG73-G3CF-VHHH NocoDB Allows Preview of Files with Dangerous Content
Summary --- Attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading Stored XSSCross-Site Script attack. PoC --- NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 currentl...
NocoDB Allows Preview of Files with Dangerous Content
Summary --- Attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading Stored XSSCross-Site Script attack. PoC --- NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 currentl...
CVE-2023-50718 NocoDB SQL Injection vulnerability
NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped tablename. This vulnerability may result in leakage of sensitive data in the database. Version 0.202....
CVE-2023-50718 NocoDB SQL Injection vulnerability
NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped tablename. This vulnerability may result in leakage of sensitive data in the database. Version 0.202....
CVE-2023-50718
CVE-2023-50718 (NocoDB) SQL injection vulnerability exists prior to version 0.202.10 where an authenticated user with create access can exploit an unescaped table_name via VitessClient.ts to leak data from a MySQL database. Affected impact is data disclosure; no integrity/availability impact repo...
CVE-2023-50717 NocoDB Allows Preview of File with Dangerous Content
NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack...
CVE-2023-50717
CVE-2023-50717 affects NocoDB. Versions 0.202.6 through
CVE-2023-50717 NocoDB Allows Preview of File with Dangerous Content
NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack...
CVE-2023-50717 NocoDB Allows Preview of File with Dangerous Content
NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack...
PT-2024-13958 · Nocodb · Nocodb
Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.202.10 Description: The issue allows an authenticated attacker with create access to conduct a SQL Injection attack on MySQL DB using an unescaped table name. This may result in leakage of sensitive data in the...
PT-2024-13799 · Nocodb · Nocodb
Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.202.9 Description: A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of ur...
The vulnerability of the fileRead() function in the NocoDB database creation platform allows a attacker to gain unauthorized access to protected information.
The vulnerability of the fileRead function in the NocoDB database creation platform is related to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
SQL Injection
Nocodb is vulnerable to SQL Injection. The vulnerability is due to improper sanitation or parameterization of sql queries in the triggerList function in the SqliteClient.ts file. This can potentially lead to Information Disclosure...
CVE-2023-43794
Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...
Sql injection
Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...
CVE-2023-43794 SQL Injection in nocodb
Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...
CVE-2023-43794 SQL Injection in nocodb
Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...
CVE-2023-43794
CVE-2023-43794 describes a SQL injection in nocodb. The vulnerability affects nocodb where an authenticated attacker with creator access can exploit a blind SQL injection via the SQLite client path (notably in the triggerList flow related to sqlite_master) to reveal data from the database. Affect...
CVE-2023-43794 SQL Injection in nocodb
Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...
GHSA-3M5Q-Q39V-XF8F nocodb SQL Injection vulnerability
Summary Nocodb contains SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. Product nocodb/nocodb Tested Version 0.109.2 Details SQL injection in SqliteClient.ts GHSL-2023-141 By supplying a specially crafted payload to the give...