3 matches found
CVE-2025-66336 Apache Doris MCP Server: SQL injection leading the authentication bypass
Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...
Path Traversal
github.com/clidey/whodb/core is vulnerable to Path Traversal. The vulnerability is due to improper path validation due to the lack of checks when joining user-controlled database file names with the default directory, allowing an attacker to use path traversal ../../ to access any Sqlite3 databas...
Apache Derby External Control Input Vulnerability
Apache Derby is the United States Apache Apache Software Foundation developed a set of open source database management system. A security vulnerability exists in Apache Derby versions 10.3.1.4 through 10.14.1.0, which is caused by the program failing to properly validate incoming network packets....