
26 matches found

Veracode
added 2024/06/11 4:52 a.m. | 13 views

SQL Injection

litellm is vulnerable to SQL Injection. The vulnerability is due to improper handling of the 'userid' parameter in the raw SQL query used for deleting users. This allows an attacker to inject malicious SQL commands, leading to potential unauthorized access to sensitive information such as API key...

CVSS 4.9 | AI score 6.7 | EPSS 0.0056
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2024/06/06 9:30 p.m. | 10 views

GHSA-8J42-PCFM-3467 SQL injection in litellm

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

CVSS 4.9 | AI score 5.4 | EPSS 0.0056
Exploits: 1 | References: 4
SUSE CVE
added 2023/02/15 3:42 a.m. | 2 views

SUSE CVE-2021-30459

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the rawsql input field of the SQL explain, analyze, or select form...

CVSS 9.8 | AI score 9.8 | EPSS 0.01925
Exploits: 0 | References: 2
OSV
added 2022/02/07 11:15 a.m. | 2 views

CVE-2022-23320

XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database...

CVSS 7.5 | AI score 7.2
Exploits: 0 | References: 4
OSV
added 2021/04/16 7:53 p.m. | 2 views

GHSA-PGHF-347X-C2GJ SQL Injection via in django-debug-toolbar

Impact: With Django Debug Toolbar attackers are able to execute SQL by changing the rawsql input of the SQL explain, analyze or select forms and submitting the form. NOTE: This is a high severity issue for anyone using the toolbar in a production environment. Generally the Django Debug Toolbar tea...

CVSS 9.8 | AI score 7.3 | EPSS 0.01925
Exploits: 0 | References: 7
PyPA
added 2021/04/14 6:15 p.m. | 4 views

PYSEC-2021-10

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the rawsql input field of the SQL explain, analyze, or select form...

CVSS 9.8 | AI score 8.2 | EPSS 0.01925
Exploits: 0 | References: 3 | Affected Software: 1