PT-2023-10134 · Unknown · Elgs Gosqljson
Published: 2023-01-07 · Updated: 2023-02-22 · CVE-2014-125064
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
elgs gosqljson (affected versions not specified)
Description
A critical issue has been found in elgs gosqljson, affecting the functions QueryDbToArray/QueryDbToMap/ExecDb of the file gosqljson.go. The manipulation of the argument sqlStatement leads to SQL injection.
Recommendations
To fix this issue, it is recommended to apply a patch. The name of the patch is 2740b331546cb88eb61771df4c07d389e9f0363a. As a temporary workaround, consider restricting the manipulation of the sqlStatement argument to minimize the risk of SQL injection.
Fix
SQL injection
Affected Products
Elgs Gosqljson