Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 up to and including 0.5.x prior to 0.5.6.1105 Beta allow remote malicious users to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.
| Vulnerable Product |
|---|
| gogits gogs 0.3.1-9 |
| gogits gogs 0.4.1 |
| gogits gogs 0.4.2 |
| gogits gogs 0.5.0 |
| gogits gogs 0.5.2 |
| gogits gogs |
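
The class of bug described above, shown as an added Go example that is not code from Gogs: a search term spliced into the SQL text next to the same search with the term passed as a bound parameter. The table and column names, the `LIKE` query shape and the helper names `unsafeSearch` and `safeSearch` are assumptions for illustration; the advisory only states that `q` is not properly handled in `models/repo.go` and `models/user.go`.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical search helpers. Table and column names are assumptions,
// not taken from models/repo.go or models/user.go.

// unsafeSearch shows the vulnerable pattern: q is spliced into the SQL text,
// so a quote in q ends the string literal and the rest is parsed as SQL.
func unsafeSearch(q string) string {
	return "SELECT id, name FROM repository WHERE lower_name LIKE '%" +
		strings.ToLower(q) + "%' LIMIT 10"
}

// likeEscaper neutralises LIKE wildcards so q only ever matches literally.
// '!' is used as the escape character because it is portable across dialects.
var likeEscaper = strings.NewReplacer("!", "!!", "%", "!%", "_", "!_")

// safeSearch keeps the SQL text constant and returns q as a bound argument,
// ready for db.Query(query, args...) from database/sql.
// The '?' placeholder is MySQL/SQLite style; PostgreSQL drivers use $1.
func safeSearch(q string) (string, []interface{}) {
	const query = "SELECT id, name FROM repository " +
		"WHERE lower_name LIKE ? ESCAPE '!' LIMIT 10"
	pattern := "%" + likeEscaper.Replace(strings.ToLower(q)) + "%"
	return query, []interface{}{pattern}
}

func main() {
	// Constructed inputs: a normal term and one containing a single quote.
	for _, q := range []string{"gogs", "o'Brien_%"} {
		query, args := safeSearch(q)
		fmt.Printf("input:  %q\nunsafe: %s\nsafe:   %s  args=%q\n\n",
			q, unsafeSearch(q), query, args)
	}
}
```

With the bound form the statement text is identical for every input, so the database never parses any part of `q` as SQL.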