22 matches found

Nuclei
added yesterday, 5 views

WhoDB < 0.45.0 - Path Traversal

WhoDB contains a path traversal caused by a lack of validation when opening database files, letting unauthenticated attackers access arbitrary Sqlite3 databases on the host system. Exploitation requires the attacker to manipulate the database filename input. id: CVE-2025-24786 info: name: WhoDB 0.45.0 - Path...

10 CVSS | 7.2 AI score | 0.51816 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-3946

Malicious code in bioql PyPI...

10 CVSS | 6.8 AI score | 0.51816 EPSS
Exploits: 1 | References: 5

Veracode
added 2025/02/11 10:25 a.m., 8 views

Parameter Injection

github.com/clidey/whodb/core is vulnerable to Parameter Injection. The vulnerability is due to unsafe string concatenation due to improper handling of user input in database connection URIs, allowing an attacker to inject parameters like allowAllFiles=true and read local files through the LOAD DA...

8.6 CVSS | 8.2 AI score | 0.00183 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

SUSE CVE
added 2025/02/11 3:47 a.m., 1 views

SUSE CVE-2025-24787

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

7.5 CVSS | 7.1 AI score | 0.00183 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2025/02/08 7:21 p.m., 4 views

CVE-2025-24787

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

8.6 CVSS | 6.7 AI score | 0.00183 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/08 7:21 p.m., 6 views

CVE-2025-24786

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

10 CVSS | 6.8 AI score | 0.51816 EPSS
Exploits: 1 | References: 1

OSV
added 2025/02/07 10:47 p.m., 9 views

GO-2025-3456 WhoDB has a path traversal opening Sqlite3 database in github.com/clidey/whodb/core

WhoDB has a path traversal opening Sqlite3 database in github.com/clidey/whodb/core...

10 CVSS | 9.4 AI score | 0.51816 EPSS
Exploits: 1 | References: 5

OSV
added 2025/02/06 7:58 p.m., 11 views

GHSA-9R4C-JWX3-3J76 WhoDB has a path traversal opening Sqlite3 database

Summary: While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on. Details: WhoDB allows use...

10 CVSS | 9.3 AI score | 0.51816 EPSS
Exploits: 1 | References: 6

NVD
added 2025/02/06 7:15 p.m., 14 views

CVE-2025-24786

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

10 CVSS | 0.51816 EPSS
Exploits: 1 | References: 3

NVD
added 2025/02/06 7:15 p.m., 8 views

CVE-2025-24787

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

8.6 CVSS | 0.00183 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/02/06 6:41 p.m., 20 views

CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

10 CVSS | 0.51816 EPSS
Exploits: 1 | References: 3

CVE
added 2025/02/06 6:41 p.m., 108 views

CVE-2025-24786

WhoDB (CVE-2025-24786) contains a path-traversal vulnerability in the SQLite3 access logic. The app exposes databases that may be opened via a user-supplied filename, constructing a path with a default directory (/db or ./tmp in dev) and using .Join() without validating that the path stays within...

10 CVSS | 9.5 AI score | 0.51816 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/02/06 6:41 p.m., 11 views

CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

10 CVSS | 9.5 AI score | 0.51816 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2025/02/06 6:41 p.m., 14 views

CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

8.6 CVSS | 8.5 AI score | 0.00183 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/02/06 6:41 p.m., 16 views

CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

8.6 CVSS | 0.00183 EPSS
Exploits: 0 | References: 2

OSV
added 2025/02/06 6:41 p.m., 2 views

CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

8.6 CVSS | 7.1 AI score | 0.00183 EPSS
Exploits: 0 | References: 4

CVE
added 2025/02/06 6:41 p.m., 67 views

CVE-2025-24787

CVE-2025-24787 affects WhoDB, where unsafe construction of database connection URIs (string concatenation) can inject parameters into the URI. Attackers can leverage the go-sql-driver/mysql parameter allowAllFiles to trigger LOAD DATA LOCAL INFILE, enabling local-file disclosure on the host runni...

8.6 CVSS | 8.5 AI score | 0.00183 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/02/06 12:0 a.m., 2 views

PT-2025-5856

Name of the Vulnerable Software and Affected Versions: WhoDB versions prior to 0.45.0. Description: The issue allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on, due to the lack of path traversal prevention. The database fil...

10 CVSS | 7.6 AI score | 0.51816 EPSS
Exploits: 4 | References: 51

CNNVD
added 2025/02/06 12:0 a.m., 1 views

WhoDB Security Vulnerability

WhoDB is a data browser from clidey open source. A security vulnerability exists in WhoDB 0.45.0 and earlier versions, which stems from not escaping or encoding user input, allowing an attacker to read local files via injected parameters such as &allowAllFiles=true...

8.6 CVSS | 6.4 AI score | 0.00183 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/02/06 12:0 a.m., 2 views

WhoDB Security Vulnerability

WhoDB is a data browser from clidey open source. A security vulnerability exists in WhoDB 0.45.0 and earlier versions, which stems from the lack of protection against path traversal, allowing an unauthenticated attacker to open any Sqlite3 database on the running host...

10 CVSS | 6.7 AI score | 0.51816 EPSS
Exploits: 1 | References: 3