
6 matches found

Veracode
added 2025/12/13 4:8 a.m., 7 views

Command Injection

sqls-server/sqls is vulnerable to Command Injection. The vulnerability is due to improper sanitization of the EDITOR environment variable and config file path in the openEditor function, which allows an attacker to execute arbitrary commands through crafted input passed to sh -c...

CVSS 7.5, AI score 6.1, EPSS 0.00625
Exploits 0, References 5, Affected Software 1
Snyk
added 2025/10/30 8:41 p.m., 3 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the openEditor function when the EDITOR environment variable and configuration file path are passed unsanitized to a shell command. An attacker can execute arbitrary system commands by manipulating the EDITOR...

CVSS 7.5, AI score 7.5, EPSS 0.00625
Exploits 0, References 2
Vulnrichment
added 2025/10/30 12:0 a.m., 3 views

CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

AI score 7.7, EPSS 0.00625
Exploits 0, References 3
CNNVD
added 2025/10/30 12:0 a.m., 3 views

sqls Security Vulnerability

sqls is an open-source SQL language server from sqls-server, written in Go. A security vulnerability exists in sqls version 0.2.28, which stems from the openEditor function not sanitizing the EDITOR environment variable and configuration file path, which could lead to a command injection attack...

CVSS 7.5, AI score 7.5, EPSS 0.00625
Exploits 0, References 4
CVE
added 2025/10/30 12:0 a.m., 4 views

CVE-2025-61141

The CVE-2025-61141 entry concerns sqls-server/sqls version 0.2.28, which is vulnerable to command injection in the config command. The root cause is that openEditor passes the EDITOR environment variable and the config file path to sh -c without sanitization, enabling an attacker to execute arbit...

CVSS 7.5, AI score 7.7, EPSS 0.00625
Exploits 0, References 3
Positive Technologies
added 2025/10/30 12:0 a.m., 4 views

PT-2025-44455

Name of the Vulnerable Software and Affected Versions: sqls-server/sqls version 0.2.28. Description: sqls-server/sqls version 0.2.28 contains a command injection issue in the config command. The openEditor function passes the EDITOR environment variable and the config file path to sh -c without prop...

CVSS 7.5, AI score 7.8, EPSS 0.00625
Exploits 0, References 11