QwikSec

Security Database

CVE

CWE

Training

CVE-2014-8681

Published: Nov 21, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

gogs-cve20148681-sql-injection(98695)

vdb-entry

x_refsource_XF

https://github.com/gogits/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8

x_refsource_CONFIRM

20141114 CVE-2014-8681 Blind SQL Injection in Gogs label search

mailing-list

x_refsource_FULLDISC

http://gogs.io/docs/intro/change_log.html

x_refsource_CONFIRM

http://packetstormsecurity.com/files/129116/Gogs-Label-Search-Blind-SQL-Injection.html

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.