2 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection through the column.go processing in the PostgreSQL and MySQL table schema components. An attacker can tamper with the database table structure and potentially leak data by creating a malicious Table CRD with crafted column...
DEBIAN-CVE-2017-16082
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1 Executing unsafe, user-supplied sql which contains a malicious column name. 2...