12 matches found
EUVD-2022-0665
Malicious code in bioql PyPI...
CVE-2022-23857
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table which contains sensitive information such as the users...
SQL injection in github.com/navidrome/navidrome
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table which contains sensitive information such as the users...
GHSA-PMCR-2RHP-36HR SQL injection in github.com/navidrome/navidrome
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table which contains sensitive information such as the users...
Navidrome SQL Injection Vulnerability
Navidrome is a web-based open source music collection server and streamer. Used to freely listen to music collections from any browser or mobile device, a SQL injection vulnerability exists in versions of Navidrome prior to 0.47.5, which stems from a lack of validation of externally entered SQL...
CVE-2022-23857
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table which contains sensitive information such as the users...
CVE-2022-23857
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table which contains sensitive information such as the users...
Sql injection
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table which contains sensitive information such as the users...
CVE-2022-23857
Navidrome (before 0.47.5) is affected by CVE-2022-23857 due to an SQL injection in model/criteria/criteria.go when processing crafted Smart Playlists. An authenticated user could exploit this to extract arbitrary data from the database, including the user table containing encrypted passwords. The...
CVE-2022-23857
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table which contains sensitive information such as the users...
CVE-2022-23857
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table which contains sensitive information such as the users...
Navidrome SQL注入漏洞
Navidrome is a web-based open source music collection server and streamer. Used to freely listen to music collections from any browser or mobile device, a SQL injection vulnerability exists in versions of Navidrome prior to 0.47.5, which stems from a lack of validation of externally entered SQL...