CVSS2: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score: 8.7 High (Confidence: Low)

EPSS: 0.004 Low (Percentile: 73.0%)

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.

CPE

Name | Operator | Version |
---|---|---|
sqlalchemy | lt | 0.7.0b4 |

rhn.redhat.com/errata/RHSA-2012-0369.html
www.debian.org/security/2012/dsa-2449
www.mandriva.com/security/advisories?name=MDVSA-2012:059
www.sqlalchemy.org/changelog/CHANGES_0_7_0
www.sqlalchemy.org/trac/changeset/852b6a1a87e7
bugs.launchpad.net/keystone/+bug/918608
exchange.xforce.ibmcloud.com/vulnerabilities/73756
github.com/advisories/GHSA-hfg2-wf6j-x53p
github.com/sqlalchemy/sqlalchemy/commit/51fea2e159ca93daa0bc8066a5c35d8436d99418
nvd.nist.gov/vuln/detail/CVE-2012-0805
web.archive.org/web/20140721183117/secunia.com/advisories/48771
web.archive.org/web/20140802043526/secunia.com/advisories/48328
web.archive.org/web/20140802044957/secunia.com/advisories/48327