CVE-2022-0944

Name of the Vulnerable Software and Affected Versions sqlpad versions prior to 6.10.1

Description The issue is related to template injection in the connection test endpoint, which can lead to remote code execution (RCE). This problem has been identified in the GitHub repository sqlpad/sqlpad. There have been reports of activities targeting this issue, and it has been exploited in real-world incidents, including for initial shell access in active machines. The exploitation involves template injection, which is a technique where an attacker injects malicious templates to execute unauthorized code.

Recommendations For versions prior to 6.10.1, update to version 6.10.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the connection test endpoint to minimize the risk of exploitation. Avoid using the vulnerable endpoint until the issue is resolved.