10 matches found
EUVD-2025-3946
Malicious code in bioql PyPI...
The vulnerability of the WhoDB database management system lies in the insufficient neutralization of special elements in data queries, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the WhoDB database management system is related to the insufficient neutralization of special elements in data queries. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2025-24787
WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...
GHSA-9R4C-JWX3-3J76 WhoDB has a path traversal opening Sqlite3 database
Summary While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on. Details WhoDB allows use...
CVE-2025-24786
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
CVE-2025-24787
WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...
CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB
WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...
CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB
WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...
CVE-2025-24787
CVE-2025-24787 affects WhoDB, where unsafe construction of database connection URIs (string concatenation) can inject parameters into the URI. Attackers can leverage the go-sql-driver/mysql parameter allowAllFiles to trigger LOAD DATA LOCAL INFILE, enabling local-file disclosure on the host runni...