2 matches found
CVE-2023-42454 SQLpage vulnerable to public exposure of database credentials
SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file not in an environment variable, with the webroot is the current working...
CVE-2023-42454
SQLpage CVE-2023-42454 affects versions before 0.11.1 where an exposed SQLPage instance stores the database connection string in sqlpage/sqlpage.json and the web_root is the default, allowing an attacker who can access the instance and the database to retrieve credentials and connect directly. Th...