Lucene search
K

5 matches found

NVD
NVD
added 2023/04/19 12:15 a.m.29 views

CVE-2023-30558

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/datadictionary.py tablelist endpoint is passed to the methods that follow in...

6.5CVSS6.8AI score0.00835EPSS
Exploits1References1
Prion
Prion
added 2023/04/19 12:15 a.m.17 views

Sql injection

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/datadictionary.py tablelist endpoint is passed to the methods that follow in...

4CVSS6.8AI score0.00835EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/04/18 10:35 p.m.56 views

CVE-2023-30558

CVE-2023-30558 affects Archery, an open source SQL audit platform. The vulnerability arises from multiple SQL injection flaws in the sql/data_dictionary.py table_list endpoint, where untrusted input from the db_name parameter is concatenated into SQL queries and passed to database engines. Affect...

6.5CVSS6.8AI score0.00835EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/04/18 10:35 p.m.31 views

CVE-2023-30558 Multiple SQL injections in sql/data_dictionary.py table_list method in Archery - GHSL-2022-105

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/datadictionary.py tablelist endpoint is passed to the methods that follow in...

6.5CVSS7AI score0.00835EPSS
Exploits1References1
OSV
OSV
added 2023/04/18 10:35 p.m.23 views

CVE-2023-30558 Multiple SQL injections in sql/data_dictionary.py table_list method in Archery - GHSL-2022-105

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/datadictionary.py tablelist endpoint is passed to the methods that follow in...

6.5CVSS7.3AI score0.00835EPSS
Exploits1References3
Rows per page
Query Builder