9 matches found
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
...
python-pymysql: SQL injection if used with untrusted JSON input
A flaw was found in PyMySQL. When processing untrusted JSON input, keys are not escaped by the escapedict function due to insufficient input sanitization, allowing an attacker to inject malicious SQL queries...
The vulnerability of the JSONHandler component in the PyMySQL library for the Python programming language allows a hacker to gain unauthorized access to data, falsify data, or execute arbitrary code on the database server’s internal side.
The vulnerability of the JSONHandler component in the PyMySQL library for the Python programming language is related to the lack of a key escrow mechanism in the process of escapedict. Exploiting this vulnerability may allow an attacker to gain unauthorized access to data, falsify data, or execut...
PyMySQL SQL Injection vulnerability
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...
CVE-2024-36039
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...
CVE-2024-36039
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...
CVE-2024-36039
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...
CVE-2024-36039
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...
CVE-2024-36039
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...