Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Chartbrew: SQL injection in date-type variable handling (applyMysqlOrPostgresVariables)
Vulnerability Description
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases connected to Chartbrew (MySQL, PostgreSQL). This allows reading, modifying, or deleting data in those databases depending on the database user's privileges. This issue has been patched in version 4.8.3.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
chartbrew SQL注入漏洞
Vulnerability Description
chartbrew是Chartbrew开源的一个数据可视化与仪表盘构建工具。 Chartbrew 4.8.3之前版本存在SQL注入漏洞,该漏洞源于未经验证的攻击者可以向数据库查询注入任意SQL,可能导致读取、修改或删除数据库中的数据。
CVSS Information
N/A
Vulnerability Type
N/A