Lucene search
K

4 matches found

BDU FSTEC
BDU FSTEC
added 2025/04/30 12:0 a.m.8 views

Vulnerability of the PostgresDB._process_insert_query() function (file web/db.py), a web application creation framework by web.py, allowing attackers to execute arbitrary SQL commands

The vulnerability of the PostgresDB.processinsertquery function located in the web/db.py file of the web.py web framework is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL commands using the seqname...

6.5CVSS7.1AI score0.00264EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/04/19 8:15 p.m.3 views

UBUNTU-CVE-2025-3818

A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB.processinsertquery of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

6.3CVSS5.7AI score0.00264EPSS
Exploits0References6
Snyk
Snyk
added 2025/04/19 7:45 p.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the processinsertquery function in the PostgresDB class. An attacker who can control the tablename used in a query, which is passed to the seqname argument without escaping, can cause SQL to be executed. Remediation The...

6.5CVSS7.9AI score0.00264EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/19 12:0 a.m.4 views

webpy 注入漏洞

webpy is a simple and powerful python web framework from webpy open source. An injection vulnerability exists in webpy version 0.70, which stems from an incorrect manipulation of the parameter seqname in the file web/db.py resulting in SQL injection...

6.5CVSS6.8AI score0.00264EPSS
Exploits0References6
Rows per page
Query Builder