Home > Vulnerability Database > CVE-2023-30556

Mend.io Vulnerability Database

CVE-2023-30556

Date: April 18, 2023

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `optimize_sqltuningadvisor` method of `sql_optimize.py`. User input coming from the `db_name` parameter value in `sql_optimize.py` is passed to the `sqltuningadvisor` method in `oracle.py`for execution. To mitigate escape the variables accepted via user input when used in `sql_optimize.py`. Users may also use prepared statements when dealing with SQL as a mitigation for this issue. This issue is also indexed as `GHSL-2022-107`.

Language: Python

Severity Score

6.5

Related Resources (3)

Url: https://github.com/hhyo/Archery/security/advisories/GHSA-6pv9-9gq7-hr68

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-30556

Url: https://www.mend.io/vulnerability-database/CVE-2023-30556

Severity Score

6.5

Weakness Type (CWE)

SQL Injection

CWE-89

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-30556

Date: April 18, 2023

Language: Python

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?