Gogs (Go Git Service) - SQL Injection CVE-2014-8682

Severity
CVSSv3 Score: 7.5

Vulnerability description

Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.

Recommendation

Upgrade Gogs to 0.5.6.1105 Beta or later, or apply the latest security patches and updates provided by the Gogs project, to mitigate the SQL injection vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Nov 21, 2014
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available