Lucene search
K

4 matches found

NVD
NVD
added 2026/06/23 9:17 p.m.8 views

CVE-2026-47384

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. The bulk groupBy path in group-by.ts builds three database-specific...

5.3CVSS0.00306EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:15 p.m.6 views

CVE-2026-47384

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. The bulk groupBy path in group-by.ts builds three database-specific...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/05 4:19 p.m.8 views

SQL Injection

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to SQL Injection via the bulk groupBy. An authenticated attacker can execute arbitrary SQL commands by setting a column's title to a crafted SQL fragment, which is then interpolated into a database query without proper...

8.8CVSS6.2AI score0.00306EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.15 views

PT-2026-47082

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description An authenticated user with column-create permissions can perform SQL injection by setting a column title to a SQL fragment. This occurs because the bulk groupBy endpoint '/bulk groupBy' in...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References9
Rows per page
Query Builder