13 matches found
CVE-2026-31069
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
BillaBear is Vulnerable to SQL Injection in the EventRepository
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
GHSA-XP6R-8PCC-XV5P BillaBear is Vulnerable to SQL Injection in the EventRepository
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
CVE-2026-31069
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
billabear 安全漏洞
Billabear is an open-source self-hosted subscription management and billing system developed by Billabear. There is a security vulnerability in Billabear, which stems from the fact that the names of user-controlled metric filters and aggregation properties in the EventRepository are directly...
CVE-2026-31069
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
PT-2026-41942
Name of the Vulnerable Software and Affected Versions BillaBear versions prior to Jan 2026 Description An issue exists in the EventRepository where user-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using the sprintf function withou...
EUVD-2026-30946
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
CVE-2026-31069
The CVE-2026-31069 entry concerns BillaBear (versions before Jan 2026) with a SQL Injection in the EventRepository. The root cause is unsafely interpolating user-controlled identifiers (filter names and aggregation property keys) into SQL via sprintf(), while values are parameterized. An authenti...
EUVD-2025-113788
Malicious code in event-repository-cordelia-phoebe npm...
CVE-2023-2260 Authorization Bypass Through User-Controlled Key in alfio-event/alf.io
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2258 Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-0301 Cross-site Scripting (XSS) - Stored in alfio-event/alf.io
Cross-site Scripting XSS - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301...