3 matches found
CVE-2025-24787
CVE-2025-24787 affects WhoDB, where unsafe construction of database connection URIs (string concatenation) can inject parameters into the URI. Attackers can leverage the go-sql-driver/mysql parameter allowAllFiles to trigger LOAD DATA LOCAL INFILE, enabling local-file disclosure on the host runni...
CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB
WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...
PT-2025-5857
Name of the Vulnerable Software and Affected Versions WhoDB versions prior to 0.45.0 Description The application is vulnerable to parameter injection in database connection strings, allowing an attacker to read local files on the machine the application is running on. This is due to the use of...