Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NocoDB: SQL Injection via DATEADD Formula
Vulnerability Description
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
NocoDB SQL注入漏洞
Vulnerability Description
NocoDB是nocodb开源的一个 Airtable 替代品。将任何 MySql、PostgreSql、Sql Server、Sqlite 和 MariaDb 转换为智能电子表格。 NocoDB 0.301.3之前版本存在SQL注入漏洞,该漏洞源于DATEADD公式的unit参数未经验证,可能导致SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A