github.com/navidrome/navidrome is vulnerable to SQL injection. The vulnerability exists in the `OrderBy` function of `criteria.go`, which does not properly handle conditional SQL statements, allowing an attacker to inject and execute arbitrary SQL.
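
An added example, not navidrome's code: column names and sort direction cannot be bound as query parameters, so one way to build an ORDER BY fragment from untrusted input is to resolve both values against fixed sets and never concatenate the raw strings. The function name `SafeOrderBy`, the `sortColumns` map and the column names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// sortColumns is a hypothetical allowlist mapping client-facing sort names to
// fixed column expressions; the names are assumptions, not navidrome's schema.
var sortColumns = map[string]string{
	"title":  "media_file.title",
	"artist": "media_file.artist",
	"year":   "media_file.year",
}

// SafeOrderBy builds an ORDER BY fragment from untrusted sort/order strings.
// Both values are looked up in fixed sets; the raw input never reaches the SQL.
func SafeOrderBy(sort, order string) (string, error) {
	if sort == "" {
		sort = "title" // default when the client sends no sort field
	}
	col, ok := sortColumns[strings.ToLower(strings.TrimSpace(sort))]
	if !ok {
		return "", fmt.Errorf("unsupported sort field %q", sort)
	}
	var dir string
	switch strings.ToLower(strings.TrimSpace(order)) {
	case "", "asc":
		dir = "ASC"
	case "desc":
		dir = "DESC"
	default:
		return "", fmt.Errorf("unsupported sort order %q", order)
	}
	return col + " " + dir, nil
}

func main() {
	// Constructed inputs: two valid requests and two that carry extra SQL text.
	for _, in := range [][2]string{
		{"Title", "desc"}, {"", ""}, {"title, (select 1)", "asc"}, {"year", "asc; --"},
	} {
		clause, err := SafeOrderBy(in[0], in[1])
		fmt.Printf("sort=%q order=%q -> %q err=%v\n", in[0], in[1], clause, err)
	}
}
```

Rejecting unknown values with an error, rather than falling back to the raw string, is what keeps the fragment limited to the allowlisted expressions.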
| CPE | Name | Operator | Version |
|---|---|---|---|
| | github.com/navidrome/navidrome | eq | v0.47.0 |