Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gogs SQL注入漏洞
Vulnerability Description
Gogs(又名Go Git Service)是Gogs团队开发的一个基于Go语言的自助Git托管服务,它支持创建、迁移公开/私有仓库,添加、删除仓库协作者等。 Gogs 0.3.1-9版本至0.5.6.1025 Beta之前0.5.6.x版本的models/issue.go文件中的‘GetIssues’函数中存在SQL注入漏洞,该漏洞源于user/repos/issues URI没有充分过滤‘label’参数。远程攻击者可利用该漏洞执行任意SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A