19 matches found

Snyk
added 2026/03/26 4:41 p.m. · 5 views

SQL Injection

Overview: n8n is a workflow automation tool. Affected versions of this package are vulnerable to SQL Injection in the orderByColumn expression of the Data Table Get node. An attacker with permissions to create or modify workflows can execute arbitrary SQL commands by supplying crafted input,...

CVSS 8.8 · AI score 6.2 · EPSS 0.00423
Exploits 0 · References 2

Snyk
added 2026/03/26 4:41 p.m. · 2 views

SQL Injection

Overview: n8n-nodes-base provides the base nodes of n8n. Affected versions of this package are vulnerable to SQL Injection in the orderByColumn expression of the Data Table Get node. An attacker with permissions to create or modify workflows can execute arbitrary SQL commands by supplying crafted input,...

CVSS 8.8 · AI score 6.2 · EPSS 0.00423
Exploits 0 · References 2

OSV
added 2026/03/26 4:41 p.m. · 4 views

GHSA-98C2-4CR3-4JC3 n8n has SQL Injection in Data Table Node via orderByColumn Expression

Impact: An authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulated and the attack surface is practically limited. On PostgreSQL deployments, multi-statement...

CVSS 9.9 · AI score 6.1 · EPSS 0.00423
Exploits 0 · References 3

Vulnrichment
added 2026/03/25 5:47 p.m. · 3 views

CVE-2026-33713 n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

CVSS 8.7 · AI score 6 · EPSS 0.00423
Exploits 0 · References 1

CVE
added 2026/03/25 5:47 p.m. · 29 views

CVE-2026-33713

The CVE-2026-33713 issue affects n8n before versions 1.123.26, 2.13.3, and 2.14.1, where an authenticated user with workflow permissions could exploit a SQL injection in the Data Table Get node. On SQLite, single statements can be manipulated, while PostgreSQL deployments allow multi-statement ex...

CVSS 8.8 · AI score 6 · EPSS 0.00423
Exploits 0 · References 1 · Affected Software 1

OSV
added 2026/03/25 5:47 p.m. · 4 views

CVE-2026-33713 n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

CVSS 8.7 · AI score 6.1 · EPSS 0.00423
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-25735

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.0032
Exploits 0 · References 6

RedhatCVE
added 2025/08/30 6:21 p.m. · 6 views

CVE-2025-9412

A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public a...

CVSS 6.5 · AI score 6.6 · EPSS 0.0032
Exploits 0 · References 1

Snyk
added 2025/08/25 6:41 p.m. · 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the SelectListByPage function in the DictTypeDao.go file when processing the orderByColumn and isAsc arguments. An attacker can execute arbitrary SQL commands by supplying crafted input to these parameters. Remediation...

CVSS 9.8 · AI score 8.6 · EPSS 0.00436
Exploits 0 · References 2

NVD
added 2025/08/25 6:15 p.m. · 6 views

CVE-2025-9413

A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/systemrouter.go. This manipulation of the argument orderByColumn/isAsc causes sql injection. The attack may be initiated remotely. The exploit has been published and may ...

CVSS 9.8 · EPSS 0.00436
Exploits 0 · References 6

OSV
added 2025/08/25 6:15 p.m. · 4 views

CVE-2025-9412

A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public a...

CVSS 9.8 · AI score 7.2
Exploits 0 · References 6

Vulnrichment
added 2025/08/25 6:2 p.m. · 3 views

CVE-2025-9413 lostvip-com ruoyi-go system_router.go SelectListByPage sql injection

A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/systemrouter.go. This manipulation of the argument orderByColumn/isAsc causes sql injection. The attack may be initiated remotely. The exploit has been published and may ...

CVSS 6.5 · AI score 7.3 · EPSS 0.00436
Exploits 0 · References 6

CVE
added 2025/08/25 6:2 p.m. · 19 views

CVE-2025-9413

CVE-2025-9413 affects lostvip-com ruoyi-go up to version 2.1. The vulnerability is in the function SelectListByPage (modules/system/system_router.go), where manipulation of the arguments orderByColumn and isAsc enables SQL injection. The issue can be triggered remotely; a public exploit has been ...

CVSS 9.8 · AI score 6.6 · EPSS 0.00436
Exploits 0 · References 6 · Affected Software 1

Snyk
added 2025/08/25 5:45 p.m. · 4 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the SelectListByPage function in the file DictDataDao.go when processing the orderByColumn or isAsc arguments. An attacker can execute arbitrary SQL commands by supplying crafted input to these parameters. Remediation...

CVSS 9.8 · AI score 8.5 · EPSS 0.0032
Exploits 0 · References 2

Cvelist
added 2025/08/25 5:32 p.m. · 11 views

CVE-2025-9412 lostvip-com ruoyi-go DictDataDao.go SelectListByPage sql injection

A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public a...

CVSS 6.5 · EPSS 0.0032
Exploits 0 · References 6

CVE
added 2025/08/25 5:32 p.m. · 20 views

CVE-2025-9412

CVE-2025-9412 affects lostvip-com ruoyi-go up to version 2.1, targeting the file DictDataDao.go in function SelectListByPage. The vulnerability arises from improper handling of the arguments orderByColumn and isAsc, enabling SQL injection via manipulated input. It is remotely exploitable and th...

CVSS 9.8 · AI score 6.7 · EPSS 0.0032
Exploits 0 · References 6 · Affected Software 1

Snyk
added 2025/08/25 4:46 p.m. · 5 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the SelectListByPage function in the GenTableDao.go file. An attacker can access or modify sensitive data, or disrupt application functionality by manipulating the isAsc or orderByColumn arguments in crafted requests...

CVSS 9.8 · AI score 7.9 · EPSS 0.0032
Exploits 0 · References 2

Positive Technologies
added 2025/08/25 12:0 a.m. · 9 views

PT-2025-34697 · Ruoyi-Go · Ruoyi-Go

Name of the Vulnerable Software and Affected Versions: ruoyi-go versions up to 2.1. Description: A flaw has been found in the SelectListByPage function of the modules/system/system router.go file. Manipulation of the orderByColumn and isAsc arguments can lead to SQL injection. The attack may be...

CVSS 6.5 · AI score 6.7 · EPSS 0.00436
Exploits 0 · References 10

CNNVD
added 2025/08/25 12:0 a.m. · 4 views

ruoyi-go Security Vulnerability

ruoyi-go is a backend management system for individual developers at lostvip.com. A security vulnerability exists in ruoyi-go 2.1 and earlier versions, which originates from the improper handling of the orderByColumn/isAsc parameter in the SelectListByPage function in the file...

CVSS 9.8 · AI score 6.8 · EPSS 0.0032
Exploits 0 · References 7