Key Information from the Webpage Screenshot Title Hasura GraphQL 1.3.3 Local File Read via SQL Injection Severity Medium Date December 22, 2025 Affected Product Hasura GraphQL 1.3.3 Advisory ID VUL-2021-47714 CVE CVE-2021-47714 CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CVSS Score 4.0 Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N References ExploitDB-49790 Hasura GraphQL Engine GitHub Repository Credit Dovei Farhi Description Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pg_read_file() PostgreSQL function by crafting malicious SQL queries to read arbitrary files on the server.