Lucene search
K

4 matches found

NVD
NVD
added 2023/04/19 12:15 a.m.43 views

CVE-2023-30605

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the variablename and variablevalue parameter value in the sql/instance.py paramedit endpoint is...

6.5CVSS6.9AI score0.00844EPSS
Exploits1References2
Prion
Prion
added 2023/04/19 12:15 a.m.23 views

Sql injection

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the variablename and variablevalue parameter value in the sql/instance.py paramedit endpoint is...

4CVSS6.9AI score0.00844EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/04/18 10:35 p.m.36 views

CVE-2023-30605 Multiple SQL injections in sql/instance.py param_edit method in Archery - GHSL-2022-104

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the variablename and variablevalue parameter value in the sql/instance.py paramedit endpoint is...

6.5CVSS7.1AI score0.00844EPSS
Exploits1References2
CVE
CVE
added 2023/04/18 10:35 p.m.53 views

CVE-2023-30605

CVE-2023-30605 describes multiple SQL injection vulnerabilities in Archery, an open source SQL audit platform. The issue arises in the sql/instance.py param_edit endpoint, where user input from variable_name and variable_value is concatenated into SQL queries by several engine implementations (no...

6.5CVSS6.9AI score0.00844EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder