Lucene search

Archerydms Archery 1.9.0

9 matches found

CVE
added 2023/04/19 12:15 a.m. | 101 views

CVE-2023-30553

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the sql_api/api_workflow.py endpoint ExecuteCheck. User input c...

6.5 CVSS | 6.8 AI score | 0.00749 EPSS

CVE
added 2023/04/19 12:15 a.m. | 53 views

CVE-2023-30555

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the explain method in sql_optimize.py. User input coming from the db_name ...

6.5 CVSS | 6.8 AI score | 0.00749 EPSS

CVE
added 2023/04/19 12:15 a.m. | 41 views

CVE-2023-30552

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sql/instance.py endpoint's describe method. In several cases, user in...

6.5 CVSS | 6.8 AI score | 0.00749 EPSS

CVE
added 2023/04/19 12:15 a.m. | 40 views

CVE-2023-30558

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the db_name in the sql/data_dictionary.py table_list endpoint is passed to the methods that follow i...

6.5 CVSS | 6.8 AI score | 0.00749 EPSS

CVE
added 2023/04/19 12:15 a.m. | 37 views

CVE-2023-30605

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the variable_name and variable_value parameter value in the sql/instance.py param_edit endpoint is p...

6.5 CVSS | 6.9 AI score | 0.00976 EPSS

CVE
added 2023/04/19 12:15 a.m. | 31 views

CVE-2023-30557

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the data_dictionary.py table_info. User input coming from the db_name in ...

6.5 CVSS | 6.7 AI score | 0.01014 EPSS

CVE
added 2023/04/19 12:15 a.m. | 30 views

CVE-2023-30554

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sql_api/api_workflow.py endpoint ExecuteCheck which passes unfiltered...

6.5 CVSS | 6.9 AI score | 0.00329 EPSS

CVE
added 2023/04/19 12:15 a.m. | 29 views

CVE-2023-30556

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the optimize_sqltuningadvisor method of sql_optimize.py. User input comin...

6.5 CVSS | 6.7 AI score | 0.00329 EPSS

CVE
added 2023/11/16 6:15 p.m. | 29 views

CVE-2023-48053

Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.

7.5 CVSS | 7.3 AI score | 0.00155 EPSS