CVE-2023-48053

Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

CVE-2022-38540

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the createkillsession interface...

CVE-2022-38538

Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module...

CVE-2022-38540

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the createkillsession interface...

CVE-2022-38539

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply...

CVE-2022-38541

Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the starttime and stoptime parameters in the my2sql interface...

CVE-2022-38537

Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the startfile, endfile, starttime, and stoptime parameters in the binlog2sql interface...

Sql injection

Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the starttime and stoptime parameters in the my2sql interface...

Sql injection

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the killsession interface. The project has released an update, please upgrade to v1.9.0 and above...

PT-2022-24446 · Archery · Archery

Name of the Vulnerable Software and Affected Versions: Archery versions 1.4.0 through 1.8.5 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the ThreadIDs parameter in the create kill session interface. Recommendations: For Archery versions 1.4.0 through...