19 matches found
SQL Injection
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to SQL Injection in the orderByColumn expression of the Data Table Get node. An attacker with permissions to create or modify workflows can execute arbitrary SQL commands by supplying crafted input,...
SQL Injection
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection in the orderByColumn expression of the Data Table Get node. An attacker with permissions to create or modify workflows can execute arbitrary SQL commands by supplying crafted input,...
GHSA-98C2-4CR3-4JC3 n8n has SQL Injection in Data Table Node via orderByColumn Expression
Impact An authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulated and the attack surface is practically limited. On PostgreSQL deployments, multi-statement...
CVE-2026-33713 n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...
CVE-2026-33713
The CVE-2026-33713 issue affects n8n before versions 1.123.26, 2.13.3, and 2.14.1, where an authenticated user with workflow permissions could exploit a SQL injection in the Data Table Get node. On SQLite, single statements can be manipulated, while PostgreSQL deployments allow multi-statement ex...
CVE-2026-33713 n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...
EUVD-2025-25735
Malicious code in bioql PyPI...
CVE-2025-9412
A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public a...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the SelectListByPage function in the DictTypeDao.go file when processing the orderByColumn and isAsc arguments. An attacker can execute arbitrary SQL commands by supplying crafted input to these parameters. Remediation...
CVE-2025-9413
A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/systemrouter.go. This manipulation of the argument orderByColumn/isAsc causes sql injection. The attack may be initiated remotely. The exploit has been published and may ...
CVE-2025-9412
A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public a...
CVE-2025-9413 lostvip-com ruoyi-go system_router.go SelectListByPage sql injection
A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/systemrouter.go. This manipulation of the argument orderByColumn/isAsc causes sql injection. The attack may be initiated remotely. The exploit has been published and may ...
CVE-2025-9413
CVE-2025-9413 affects lostvip-com ruoyi-go up to version 2.1. The vulnerability is in the function SelectListByPage (modules/system/system_router.go), where manipulation of the arguments orderByColumn and isAsc enables SQL injection. The issue can be triggered remotely; a public exploit has been ...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the SelectListByPage function in the file DictDataDao.go when processing the orderByColumn or isAsc arguments. An attacker can execute arbitrary SQL commands by supplying crafted input to these parameters. Remediation...
CVE-2025-9412 lostvip-com ruoyi-go DictDataDao.go SelectListByPage sql injection
A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public a...
CVE-2025-9412
CVE-2025-9412 affects lostvip-com ruoyi-go up to version 2.1, targeting the file DictDataDao.go in function SelectListByPage . The vulnerability arises from improper handling of the arguments orderByColumn and isAsc , enabling SQL injection via manipulated input. It is remotely exploitable and th...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the SelectListByPage function in the GenTableDao.go file. An attacker can access or modify sensitive data, or disrupt application functionality by manipulating the isAsc or orderByColumn arguments in crafted requests...
PT-2025-34697 · Ruoyi-Go · Ruoyi-Go
Name of the Vulnerable Software and Affected Versions: ruoyi-go versions up to 2.1 Description: A flaw has been found in the SelectListByPage function of the modules/system/system router.go file. Manipulation of the orderByColumn and isAsc arguments can lead to SQL injection. The attack may be...
ruoyi-go 安全漏洞
ruoyi-go is a backend management system for individual developers at lostvip.com. A security vulnerability exists in ruoyi-go 2.1 and earlier versions, which originates from the improper handling of the orderByColumn/isAsc parameter in the SelectListByPage function in the file...