5 matches found
CVE-2023-30558
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/datadictionary.py tablelist endpoint is passed to the methods that follow in...
CVE-2023-30553
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the sqlapi/apiworkflow.py endpoint ExecuteCheck. User input...
CVE-2023-30557 SQL injection in data_dictionary.py table_info method in Archery - GHSL-2022-106
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the datadictionary.py tableinfo. User input coming from the dbname in a...
CVE-2023-30556 SQL injection in sql_optimize.py optimize_sqltuningadvisor method in Archery - GHSL-2022-107
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the optimizesqltuningadvisor method of sqloptimize.py. User input comin...
CVE-2023-30554 SQL injection in sql_api/api_workflow.py endpoint in Archery - GHSL-2022-103
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sqlapi/apiworkflow.py endpoint ExecuteCheck which passes unfiltered...