3 matches found
Sql injection
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the sqlapi/apiworkflow.py endpoint ExecuteCheck. User input...
CVE-2023-30553 Multiple SQL injections in sql_api/api_workflow.py endpoint in Archery - GHSL-2022-102
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the sqlapi/apiworkflow.py endpoint ExecuteCheck. User input...
CVE-2023-30553
CVE-2023-30553 affects Archery, an open-source SQL audit platform, containing multiple SQL injection vulnerabilities in the sql_api/api_workflow.py ExecuteCheck endpoint. User input from db_name and full_sql in ExecuteCheck is concatenated into SQL queries by vulnerable code paths in sql/engines/...