CVE-2019-7164

Published: 20/02/2019 Updated: 07/05/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQLAlchemy up to and including 1.2.17 and 1.3.x up to and including 1.3.0b2 allows SQL Injection via the order_by parameter.

Vendor Advisories

Synopsis: Moderate: python36:36 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the python36:36 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...

Synopsis: Important: python27:27 security update. Type/Severity: Security Advisory: Important. Topic: An update for the python27:27 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst ...

Debian Bug report logs - #922669 sqlalchemy: CVE-2019-7164 CVE-2019-7548 (SQL injection). Package: src:sqlalchemy; Maintainer for src:sqlalchemy is Piotr Ożarowski <piotr@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Tue, 19 Feb 2019 06:51:02 UTC. Severity: grave. Tags: security, upstream. Fo ...