4 matches found
CVE-2023-30605
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the variablename and variablevalue parameter value in the sql/instance.py paramedit endpoint is...
Sql injection
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the variablename and variablevalue parameter value in the sql/instance.py paramedit endpoint is...
CVE-2023-30605 Multiple SQL injections in sql/instance.py param_edit method in Archery - GHSL-2022-104
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the variablename and variablevalue parameter value in the sql/instance.py paramedit endpoint is...
CVE-2023-30605
CVE-2023-30605 describes multiple SQL injection vulnerabilities in Archery, an open source SQL audit platform. The issue arises in the sql/instance.py param_edit endpoint, where user input from variable_name and variable_value is concatenated into SQL queries by several engine implementations (no...