5 matches found
CVE-2023-30555
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the explain method in sql_optimize.py. User input coming from the db_name...
SQL injection
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the explain method in sql_optimize.py. User input coming from the db_name...
CVE-2023-30555
CVE-2023-30555 concerns Archery, an open-source SQL audit platform, with multiple SQL injection vulnerabilities in the explain endpoint. The root cause is that user input from the db_name parameter is passed to database engine queries (query methods in sql/engines/mssql.py and sql/engines/oracle....
CVE-2023-30555 SQL injection in sql_optimize.py explain method in Archery - GHSL-2022-108
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the explain method in sql_optimize.py. User input coming from the db_name...
OESA-2022-1642 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column...