
51 matches found

Snyk | added 2026/03/27 2:24 p.m. | 0 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the sqlExpressions feature. An attacker can execute unauthorized commands on the system by chaining SQL Expressions with plugin functionality. Remediation Upgrade github.com/grafana/grafana/pkg/expr/sql to version...

CVSS 9.1 | AI score 6 | EPSS 0.00186
Exploits 0 | References 2

Vulnrichment | added 2026/03/27 2:24 p.m. | 5 views

CVE-2026-27876 RCE on Grafana via sqlExpressions

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

CVSS 9.1 | AI score 6.5 | EPSS 0.00186
Exploits 0 | References 1

ATTACKERKB | added 2026/03/27 2:24 p.m. | 4 views

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

CVSS 9.1 | AI score 6.5 | EPSS 0.00186
Exploits 0 | References 2 | Affected software 1

CVE | added 2026/03/27 2:24 p.m. | 62 views

CVE-2026-27876

Grafana (OSS) is affected when the sqlExpressions feature toggle is enabled, enabling a chained attack against a Grafana Enterprise plugin that can lead to remote arbitrary code execution (RCE). Affected ranges and fixes are: 11.6.0–11.6.14 (fix in 11.6.14); 12.0.0–12.1.10 (fix in 12.1.10; 12.0 i...

CVSS 9.1 | AI score 6.5 | EPSS 0.00186
Exploits 0 | References 1 | Affected software 1

Cvelist | added 2026/03/27 2:24 p.m. | 26 views

CVE-2026-27876 RCE on Grafana via sqlExpressions

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

CVSS 9.1 | EPSS 0.00186
Exploits 0 | References 1

AlpineLinux | added 2026/03/27 2:24 p.m. | 3 views

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

CVSS 9.1 | AI score 7.1 | EPSS 0.00186
Exploits 0

CNNVD | added 2026/03/27 12:00 a.m. | 4 views

Grafana security vulnerability

Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing systems such as Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability that stems from SQL...

CVSS 9.1 | AI score 6.3 | EPSS 0.00186
Exploits 0 | References 2

FreeBSD | added 2026/03/27 12:00 a.m. | 6 views

Grafana -- RCE on Grafana via sqlExpressions

https://grafana.com/security/security-advisories/cve-2026-27876 reports: A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avo...

CVSS 9.1 | AI score 6.6 | EPSS 0.00186
Exploits 0 | References 1

Positive Technologies | added 2026/03/25 12:00 a.m. | 2 views

PT-2026-28369

Name of the Vulnerable Software and Affected Versions: Grafana versions 11.6.0 through 11.6.14, 12.0.0 through 12.1.10, 12.2.0 through 12.2.8, 12.3.0 through 12.3.6, and 12.4.0 through 12.4.2. Description: A chained attack involving SQL Expressions and a Grafana Enterprise plugin can lead to remo...

CVSS 9.1 | AI score 6.7 | EPSS 0.00186
Exploits 0 | References 114

OSV | added 2025/08/28 2:15 p.m. | 1 view

CVE-2025-51968

A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions...

CVSS 6.5 | AI score 6 | EPSS 0.00066
Exploits 1 | References 1

GithubExploit | added 2025/07/07 3:57 p.m. | 223 views

Exploit for Code Injection in Grafana

CVE-2024-9264 Authenticated RCE in Grafana v11.0 via SQL Exp...

CVSS 9.9 | AI score 9.5 | EPSS 0.94047
Exploits 9

GithubExploit | added 2025/07/05 2:03 p.m. | 121 views

Exploit for Code Injection in Grafana

CVE-2024-9264-RCE-Exploit in Grafana via SQL Expressions D...

CVSS 9.9 | AI score 9.7 | EPSS 0.94047
Exploits 9

OSV | added 2025/06/18 2:12 a.m. | 4 views

SUSE-SU-2025:01991-1 Security update for grafana

This update for grafana fixes the following issues: grafana was updated from version 10.4.15 to 11.5.5 jsc#PED-12918: - Security issues fixed: CVE-2025-4123: Fix cross-site scripting vulnerability bsc#1243714. CVE-2025-22872: Bump golang.org/x/net/html bsc#1241809 CVE-2025-3580: Prevent unauthorized...

CVSS 9.9 | AI score 6.8 | EPSS 0.94047
Exploits 12 | References 20

Tenable Nessus | added 2024/11/19 12:00 a.m. | 16 views

Grafana Labs SQL expressions allowing for RCE (CVE-2024-9264)

The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2024-9264 advisory. - The SQL Expressions experimental feature of Grafana allows for the evaluation of 'duckdb' queries containing user input. These queries are insufficiently sanitize...

CVSS 9.9 | AI score 7.4 | EPSS 0.94047
Exploits 9 | References 2

OSV | added 2024/10/28 3:20 p.m. | 36 views

GO-2024-3215 Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana

Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 9.9 | AI score 8.7 | EPSS 0.94047
Exploits 9 | References 5

RedhatCVE | added 2024/10/24 5:28 a.m. | 15 views

CVE-2024-9264

A vulnerability was found in Grafana. An experimental feature named SQL Expressions was recently added to Grafana to allow query output to be post-processed using SQL. These SQL queries were incompletely sanitized, leading to a command injection and local file inclusion vulnerability. Any user wi...

CVSS 9.9 | AI score 7.7 | EPSS 0.94047
Exploits 9 | References 4

OSV | added 2024/10/22 7:09 a.m. | 18 views

BIT-GRAFANA-2024-9264 Grafana SQL Expressions allow for remote code execution

The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...

CVSS 9.9 | AI score 8.8 | EPSS 0.94047
Exploits 9 | References 3

SUSE CVE | added 2024/10/21 4:38 p.m. | 1 view

SUSE CVE-2024-9264

The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...

CVSS 9.9 | AI score 7.7 | EPSS 0.94047
Exploits 9 | References 11

GithubExploit | added 2024/10/21 3:36 a.m. | 598 views

Exploit for Code Injection in Grafana

CVE-2024-9264-RCE-Exploit in Grafana via SQL Expressions D...

CVSS 9.9 | AI score 9.7 | EPSS 0.94047
Exploits 9

Github Security Blog | added 2024/10/18 6:30 a.m. | 16 views

Grafana Command Injection And Local File Inclusion Via Sql Expressions

The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...

CVSS 9.9 | AI score 7.5 | EPSS 0.94047
Exploits 9 | References 6 | Affected software 1