EUVD-2023-29919
Malicious code in bioql PyPI...
CVE-2023-26033
Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects in user preferences the "Recently Visited Packages" view for the index page, the value of the searchhistory cookie is used as a...
Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution
Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. "These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements," SonarSource researcher Thomas...
CVE-2023-28424 Soko SQL Injection vulnerability
Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, Search and SearchFeed, implemented in pkg/app/handler/packages/search.go, are affected by a SQL injection via the q parameter. As a result, unauthenticated attackers can execute arbitrary SQ...
Gentoo SQL Injection Vulnerability
Gentoo is an open source Linux system from the Gentoo Foundation. A SQL injection vulnerability exists in Gentoo Soko versions prior to 1.0.2, which stems from a SQL injection vulnerability found in pkg/app/handler/packages/search.go...
SQL injection
Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects in user preferences the "Recently Visited Packages" view for the index page, the value of the searchhistory cookie is used as a...
Gentoo SQL Injection Vulnerability
Gentoo is an open source Linux system from the Gentoo Foundation. A security vulnerability exists in Gentoo soko versions prior to 1.0.1, which stems from the presence of a SQL injection vulnerability that can be exploited by an attacker to cause a denial of service...
CVE-2023-26033 Gentoo soko contains DoS attack based on SQL Injection
Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects in user preferences the "Recently Visited Packages" view for the index page, the value of the searchhistory cookie is used as a...
CVE-2023-26033
Gentoo soko (packages.gentoo.org) is vulnerable to SQL injection in versions prior to 1.0.1, exploitable via the Recently Visited Packages search_history cookie. Attackers can alter the cookie (base64-encoded comma list of atoms) to inject SQL into atom = '%s' queries, potentially wiping or alter...
PT-2023-20436 · Gentoo · Soko
Name of the Vulnerable Software and Affected Versions: Gentoo soko versions prior to 1.0.1
Description: The issue allows for SQL Injection, leading to a Denial of Service. When the "Recently Visited Packages" view is selected, the search history cookie value is used in SQL queries without proper...