4 matches found
SQL Injection
Overview @vendure/core is an A modern, headless ecommerce framework Affected versions of this package are vulnerable to SQL Injection via the ProductService.findOneBySlug function in Admin and Vendure Shop API. An attacker can execute arbitrary SQL commands on the database by supplying a crafted...
Exploit for SQL Injection in Typeorm
CVE-2022-33171: TypeORM SQL Injection Note: This is a work...
PT-2022-21720 · Typeorm · Typeorm
Name of the Vulnerable Software and Affected Versions: TypeORM versions prior to 0.3.0 Description: The findOne function in TypeORM can be supplied with either a string or a FindOneOptions object. When the input to the function is a user-controlled parsed JSON object, supplying a crafted...
Yii 'findByCondition' Function SQL Injection Vulnerability
Yii is the Yii team developed a set of component-based , high-performance PHP framework for developing large-scale Web applications . A SQL injection vulnerability exists in the 'findByCondition' function in the framework/db/ActiveRecord.php file in version 2.x of Yii before 2.0.15. A remote...