PT-2025-7615
Name of the Vulnerable Software and Affected Versions: Exim versions 4.98 through 4.98.0 Description: The issue allows remote SQL injection when SQLite hints and ETRN serialization are used. This could potentially allow a remote attacker to perform SQL injection, possibly stealing sensitive data or...
exim -- SQL injection
[email protected] reports: Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection...
CVE-2025-26794
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...
BIT-PHP-2022-31631 PDO::quote() may return unquoted string
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...
BIT-PHP-MIN-2022-31631 PDO::quote() may return unquoted string
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...
CVE-2025-25223
The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained...
CVE-2025-25224
The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained...
CVE-2025-25223
CVE-2025-25223: Path traversal in LuxCal Web Calendar’s dloader.php allows disclosure of arbitrary server files. Affected versions: LuxCal Web Calendar prior to 5.3.3M (MySQL) and prior to 5.3.3L (SQLite). Remediation: update to 5.3.3M/L or later.
PT-2025-15279
Name of the Vulnerable Software and Affected Versions: Sqlite version 3.49.0 Description: The issue is related to an integer overflow in the concat function. Recommendations: For Sqlite version 3.49.0, at the moment, there is no information about a newer version that contains a fix for this...
PT-2025-16260
Name of the Vulnerable Software and Affected Versions: SQLite affected versions not specified Description: An integer overflow can be triggered in SQLite's concat_ws function, leading to a Heap Buffer overflow of size 4GB, which can result in arbitrary code execution. This occurs because the...
DEBIAN-CVE-2022-31631
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...
CVE-2022-31631
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...
SUSE CVE-2025-24786
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
PT-2025-15991
Name of the Vulnerable Software and Affected Versions: sqlite version 3.49.0 Description: The issue allows an attacker to cause a denial of service via the SQLITE_DBCONFIG_LOOKASIDE component. Recommendations: For sqlite version 3.49.0, consider disabling the SQLITE_DBCONFIG_LOOKASIDE component a...
CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
WhoDB security vulnerability
WhoDB is a data browser from clidey open source. A security vulnerability exists in WhoDB 0.45.0 and earlier versions, which stems from the lack of protection against path traversal, allowing an unauthenticated attacker to open any Sqlite3 database on the running host...
PT-2025-5856
Name of the Vulnerable Software and Affected Versions: WhoDB versions prior to 0.45.0 Description: The issue allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on, due to the lack of path traversal prevention. The database fil...
CVE-2022-24854
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...
CVE-2024-47881
OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...