Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 19/04/2023 Updated: 01/05/2023

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an malicious user to query the connected databases. Affected versions are subject to SQL injection in the `optimize_sqltuningadvisor` method of `sql_optimize.py`. User input coming from the `db_name` parameter value in `sql_optimize.py` is passed to the `sqltuningadvisor` method in `oracle.py`for execution. To mitigate escape the variables accepted via user input when used in `sql_optimize.py`. Users may also use prepared statements when dealing with SQL as a mitigation for this issue. This issue is also indexed as `GHSL-2022-107`.

Vulnerable Product	Search on Vulmon	Subscribe to Product
archerydms archery 1.9.0

CWE-89 https://github.com/hhyo/Archery/security/advisories/GHSA-6pv9-9gq7-hr68 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-30556

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect