Lucene search

10 matches found

RedhatCVE
added 2026/04/27 7:23 p.m. | 1 view

CVE-2026-7023

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...

CVSS 8.8 | AI score 6.3 | EPSS 0.00015
Exploits: 1 | References: 1
Snyk
added 2026/04/26 8:9 a.m. | 1 view

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the ExecuteSQL function. An attacker can execute arbitrary SQL commands by supplying crafted input to the application. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Comm...

CVSS 8.8 | AI score 6.1 | EPSS 0.00015
Exploits: 1 | References: 2
EUVD
added 2026/04/26 6:30 a.m. | 1 view

EUVD-2026-25698

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...

CVSS 6.5 | AI score 6.3 | EPSS 0.00015
Exploits: 1 | References: 4
CVE
added 2026/04/26 6:30 a.m. | 9 views

CVE-2026-7023

CVE-2026-7023 : ByteDance coze-studio

CVSS 8.8 | AI score 6.4 | EPSS 0.00015
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/04/26 6:30 a.m. | 0 views

CVE-2026-7023 ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...

CVSS 6.5 | AI score 6.4 | EPSS 0.00015
Exploits: 1 | References: 4
Positive Technologies
added 2025/11/10 12:0 a.m. | 3 views

PT-2025-45607

Name of the Vulnerable Software and Affected Versions Looker Studio versions prior to 07 July 2025 Description A SQL injection issue was identified in Looker Studio, potentially allowing unauthorized data exfiltration from BigQuery data sources. An attacker could create a malicious report with...

CVSS 7.3 | AI score 7.2 | EPSS 0.00032
Exploits: 0 | References: 7
Veracode
added 2024/07/23 6:29 a.m. | 14 views

Insecure Direct Object Reference (IDOR)

org.apache.streampark, streampark is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient access control due to improper handling of authorization tokens, allowing attackers to manually request and view all users' flink information, including executeSQL an...

CVSS 6.5 | AI score 6.8 | EPSS 0.00268
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2024/07/22 9:48 a.m. | 15 views

CVE-2024-34457 Apache StreamPark IDOR Vulnerability

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4...

EPSS 0.00268
Exploits: 0 | References: 2
Vulnrichment
added 2024/07/22 9:48 a.m. | 17 views

CVE-2024-34457 Apache StreamPark IDOR Vulnerability

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4...

AI score 6.4 | EPSS 0.00268
Exploits: 0 | References: 2
myhack58
added 2013/11/25 12:0 a.m. | 17 views

By wave CMS General-purpose SQL injection vulnerability analysis with the use of(asp.net)-vulnerability warning-the black bar safety net

Bypass that very simple anti-injection. Directly you can update the administrator password. Injection point: http://demo.zoomla.cn/user/cashcoupon/arrivejihuo.aspx Page button Click event: | 1 | protected void BtnClick calls bArrive. UpdateStatetext; ---|--- 2 | public bool UpdateStatestring...

AI score 0.5
Exploits: 0