CVE-2016-8640
Description
A SQL injection vulnerability in pycsw, in all versions before 2.0.2, 1.10.5 and 1.8.6, allows reading and extracting any data from any table in the pycsw database that the database user has access to. On PostgreSQL (at least), it is also possible to perform updates, inserts, deletes and database modifications on any table the database user has access to.
Risk Information
Base Score
9.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.859
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2016-8640 is fixed in Python-pycsw 1.10.5 | Windows |
| CVE-2016-8640 is fixed in Python-pycsw 1.8.6 | Windows |
| CVE-2016-8640 is fixed in Python-pycsw 2.0.2 | Windows |
| CVE-2016-8640 is fixed in Python-pycsw for linux 1.10.5 | Linux |
| CVE-2016-8640 is fixed in Python-pycsw for linux 1.8.6 | Linux |
| CVE-2016-8640 is fixed in Python-pycsw for linux 2.0.2 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234