SQLAlchemy 'limit' and 'offset' Parameters SQL Injection Vulnerabilities
BID:52330
Info
| Bugtraq ID: | 52330 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-0805 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 19 2012 12:00AM |
| Updated: | Apr 13 2015 10:06PM |
| Credit: | Thierry Carrez |
| Vulnerable: | SQLAlchemy 0.7.0, SQLAlchemy 0.6.8, SQLAlchemy 0.6.7; Redhat Enterprise Linux Workstation 6, Redhat Enterprise Linux Server 6; Oracle Enterprise Linux 6.2, Oracle Enterprise Linux 6; Mandriva Linux Mandrake 2011 x86_64, Mandriva Linux Mandrake 2011; MandrakeSoft Enterprise Server 5 x86_64, MandrakeSoft Enterprise Server 5; Gentoo Linux; Debian Linux 6.0 (sparc, s/390, powerpc, mips, ia-64, ia-32, arm, amd64) |
| Not Vulnerable: | SQLAlchemy 0.7.0b |
Discussion
SQLAlchemy is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
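The class of bug described above, as an added example that is not SQLAlchemy's own code: a pagination helper that interpolates untrusted limit/offset values into SQL text, beside one that validates them as bounded integers and binds them as query parameters. It uses only the standard-library sqlite3 module; the users table, the MAX_LIMIT cap and the function names are assumptions made for this demo.

```python
"""Added example (not SQLAlchemy's code): pagination parameters must be
validated as integers and bound, never interpolated into SQL text."""
import sqlite3

MAX_LIMIT = 100  # hypothetical application-level page-size cap


def build_page_query_unsafe(limit, offset):
    """Vulnerable pattern: whatever the caller passes lands verbatim in the
    statement, so non-numeric input changes the SQL rather than a value."""
    return f"SELECT id, name FROM users ORDER BY id LIMIT {limit} OFFSET {offset}"


def page_params(limit, offset):
    """Coerce limit/offset to bounded non-negative ints; reject anything else."""
    try:
        limit_i = int(str(limit).strip())
        offset_i = int(str(offset).strip())
    except ValueError as exc:
        raise ValueError("limit/offset must be integers") from exc
    if limit_i < 1 or limit_i > MAX_LIMIT or offset_i < 0:
        raise ValueError("limit/offset out of range")
    return limit_i, offset_i


def is_valid_page(limit, offset):
    """True if page_params would accept the pair (convenience for checks)."""
    try:
        page_params(limit, offset)
        return True
    except ValueError:
        return False


def fetch_page(conn, limit, offset):
    """Hardened pattern: validated ints are passed as bound parameters, so the
    SQL text is constant and the database only ever sees them as numbers."""
    limit_i, offset_i = page_params(limit, offset)
    cur = conn.execute(
        "SELECT id, name FROM users ORDER BY id LIMIT ? OFFSET ?",
        (limit_i, offset_i),
    )
    return cur.fetchall()


def make_demo_db():
    """Constructed sample data (ten users) so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                     [(i, f"user{i}") for i in range(1, 11)])
    return conn


if __name__ == "__main__":
    print(fetch_page(make_demo_db(), "3", "5"))  # third page of three
```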