Lucene search
Veracode Vulnerability DatabaseVERACODE:4156HistoryMay 03, 2017 - 8:30 a.m.
SQL Injection
2017-05-0308:30:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.002 Low
EPSS
Percentile
56.7%
github.com/gogits/gogs is vulnerable to SQL injection attacks. These attacks are possible through the label parameter given to the GetIssues function in models/issue.go
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/gogits/gogs | eq | HEAD | |
| github.com/gogits/gogs | le | 0.5.7 |
References
gogs.io/docs/intro/change_log.html
packetstormsecurity.com/files/129116/Gogs-Label-Search-Blind-SQL-Injection.html
seclists.org/fulldisclosure/2014/Nov/31
www.exploit-db.com/exploits/35237
exchange.xforce.ibmcloud.com/vulnerabilities/98695
github.com/gogits/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8
www.exploit-db.com/exploits/35237/
Related
packetstorm
packetstorm
Gogs Label Search Blind SQL Injection
2014-11-14 00:00:00
osv
osv
SQL Injection in gogs.io/gogs
2021-06-29 18:32:44
SQL Injection in github.com/gogits/gogs
2021-04-14 20:04:52
nvd
nvd
CVE-2014-8681
2014-11-21 15:59:08
github
github
SQL Injection in gogs.io/gogs
2021-06-29 18:32:44
prion
prion
Sql injection
2014-11-21 15:59:00
cve
cve
CVE-2014-8681
2014-11-21 15:59:08
exploitpack
exploitpack
Gogs - label SQL Injection
2014-11-14 00:00:00
cvelist
cvelist
CVE-2014-8681
2014-11-21 15:00:00
gitlab
gitlab
exploitdb
exploitdb
Gogs - 'label' SQL Injection
2014-11-14 00:00:00
zdt
zdt
Gogs Blind SQL Injection Vulnerability
2014-11-15 00:00:00
openvas
openvas
Gogs >= 0.3.1, < 0.5.8 Multiple Vulnerabilities
2015-02-06 00:00:00