CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
33.8%
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sql/instance.py
endpoint’s describe
method. In several cases, user input coming from the tb_name
parameter value, the db_name
parameter value or the schema_name
value in the sql/instance.py
describe
endpoint is passed to the describe_table
methods in given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the query
method of each database engine for execution. Please take into account that in some cases all three parameter values are concatenated, in other only one or two of them. The affected methods are: describe_table
in sql/engines/clickhouse.py
which concatenates input which is passed to execution on the database in the query
method in sql/engines/clickhouse.py
, describe_table
in sql/engines/mssql.py
which concatenates input which is passed to execution on the database in the query
methods in sql/engines/mssql.py
, describe_table
in sql/engines/mysql.py
which concatenates input which is passed to execution on the database in the query
method in sql/engines/mysql.py
, describe_table
in sql/engines/oracle.py
which concatenates input which is passed to execution on the database in the query
methods in sql/engines/oracle.py
, describe_table
in sql/engines/pgsql.py
which concatenates input which is passed to execution on the database in the query
methods in sql/engines/pgsql.py
, describe_table
in sql/engines/phoenix.py
which concatenates input which is passed to execution on the database in the query
method in sql/engines/phoenix.py
. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as GHSL-2022-101
.
Vendor | Product | Version | CPE |
---|---|---|---|
archerydms | archery | 1.9.0 | cpe:2.3:a:archerydms:archery:1.9.0:*:*:*:*:*:*:* |
[
{
"vendor": "hhyo",
"product": "Archery",
"versions": [
{
"version": "<= 1.9.0",
"status": "affected"
}
]
}
]