CVE-2022-0944
CVE-2022-0944 affects the SQLPad project (SQLPad, prior to 6.10.1). The vulnerability arises from template injection in the connection test endpoint, enabling remote code execution (RCE) with the privileges of the SQLPad process. Affected versions are SQLPad ≤ 6.10.0. Several public exploit PoCs ...
CVE-2022-0944 Template injection in connection test endpoint leads to RCE in sqlpad/sqlpad
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1...
PT-2022-13544 · Sqlpad · Sqlpad
Name of the Vulnerable Software and Affected Versions: sqlpad versions prior to 6.10.1
Description: The issue is related to template injection in the connection test endpoint, which can lead to remote code execution (RCE). This problem has been identified in the GitHub repository sqlpad/sqlpad. The...
Template injection in connection test endpoint leads to RCE
Description: Please enter a description of the vulnerability.
Proof of Concept: Run a local docker instance:
sudo docker run -p 3000:3000 --name sqlpad -d --env SQLPAD_ADMIN=admin --env SQLPAD_ADMIN_PASSWORD=admin sqlpad/sqlpad:latest
Navigate to http://localhost:3000/
Click on Connections-Add...