CVE-2016-8640
Published: Aug 1, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
A SQL injection vulnerability in pycsw, in all versions before 2.0.2, 1.10.5 and 1.8.6, allows reading and extracting any data from any table in the pycsw database that the database user has access to. On PostgreSQL (at least), it is also possible to perform updates, inserts, deletes and database modifications on any table the database user has access to.
| Vendor | Product | Versions |
|---|---|---|
| https://github.com/geopython | pycsw | affected all versions before 2.0.2, 1.10.5 and 1.8.6 |
Weaknesses (CWE)
References
- 94302 (vdb-entry, x_refsource_BID)
- https://github.com/geopython/pycsw/pull/474/files (x_refsource_CONFIRM)
- [oss-security] 20161111 CVE-2016-8640 pycsw SQL injection issue (mailing-list, x_refsource_MLIST)
- https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch (x_refsource_CONFIRM)