4 matches found
Sql injection
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the datadictionary.py tableinfo. User input coming from the dbname in a...
CVE-2023-30557 SQL injection in data_dictionary.py table_info method in Archery - GHSL-2022-106
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the datadictionary.py tableinfo. User input coming from the dbname in a...
CVE-2023-30557
CVE-2023-30557 affects Archery, an open-source SQL audit/management tool. The vulnerability arises from SQL injection in the data_dictionary.py table_info endpoint, where user input from db_name and tb_name is unsafely concatenated into SQL queries and passed to database engines (sql/engines/mssq...
CVE-2023-30557 SQL injection in data_dictionary.py table_info method in Archery - GHSL-2022-106
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the datadictionary.py tableinfo. User input coming from the dbname in a...