Vulnerability of the PostgresDB._process_insert_query() function (file web/db.py), a web application creation framework by web.py, allowing attackers to execute arbitrary SQL commands

The vulnerability of the PostgresDB.processinsertquery function located in the web/db.py file of the web.py web framework is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL commands using the seqname...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the processinsertquery function in the PostgresDB class. An attacker who can control the tablename used in a query, which is passed to the seqname argument without escaping, can cause SQL to be executed. Remediation The...

webpy 注入漏洞

webpy is a simple and powerful python web framework from webpy open source. An injection vulnerability exists in webpy version 0.70, which stems from an incorrect manipulation of the parameter seqname in the file web/db.py resulting in SQL injection...