| Title | web.py 0.70 SQL Injection |
|---|---|
| Description | In the PostgresDB._process_insert_query method of web/db.py, the seqname parameter is not properly filtered or escaped. When using a PostgreSQL database, attackers can inject arbitrary SQL commands by controlling the sequence name parameter. |
| Source | ⚠️ https://noppgwz8if.feishu.cn/docx/TxjpddUpTokyBwxibSgcTRr7nUf |
| User | Luaklein (UID 83974) |
| Submission | 10.04.2025 06:30 (1 year ago) |
| Moderation | 19.04.2025 01:50 (9 days later) |
| Status | Accepted |
| VulDB entry | 305724 [webpy web.py 0.70 web/db.py PostgresDB._process_insert_query seqname SQL Injection] |
| Points | 17 |