5 matches found
SQL Injection
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to SQL Injection via the bulk groupBy. An authenticated attacker can execute arbitrary SQL commands by setting a column's title to a crafted SQL fragment, which is then interpolated into a database query without proper...
User Impersonation
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to User Impersonation via the testConnection endpoint when the integration is fetched in a bypass scope and permission checks are insufficiently scoped to the integration's workspace. An attacker can gain unauthorized...
Authorization Bypass Through User-Controlled Key
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the public shared-view endpoints, which exposed values from columns that were intended to be hidden. An attacker can access sensitive information by crafting reques...
Access Control Bypass
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Access Control Bypass via the publicMmList, publicHmList, relDataList, and nested endpoints when the show flag for a column is not properly checked. An attacker can access hidden linked records by supplying a valid...
SQL Injection
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to SQL Injection via the DATEADD formula's unit parameter. An attacker with the Creator role can execute arbitrary SQL commands by supplying crafted input to this parameter. Remediation Upgrade nocodb to version 0.301.3 ...