Vigil@nce - SQLAlchemy: SQL injection via group_by
May 2019 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
Impacted products: Debian.
Severity: 2/4.
Consequences: data reading, data creation/editing, data deletion.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 18/03/2019.
DESCRIPTION OF THE VULNERABILITY
An attacker can use a SQL injection via group_by in SQLAlchemy to read or alter data.
ACCESS TO THE FULL VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/SQLALchemy-SQL-injection-via-group-by-28764