CVE-2014-8681
published 2014-11-21
CVE-2014-8681: SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows…
Priority: P3 50 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.58% (90.4th percentile)
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | gogits_gogs | >= 0 < 0.5.8 | 0.5.8 |
| github.com | gogits_gogs | >= 0.3.1 < 0.5.8 | 0.5.8 |
| gogits | gogs | <= 0.5.5 | — |
| gogits | gogs | — | — |
| gogits | gogs | — | — |
| gogits | gogs | — | — |
| gogits | gogs | — | — |
| gogits | gogs | — | — |
| gogs.io | gogs | >= 0.3.1 < 0.5.8 | 0.5.8 |
OSV
SQL Injection in gogs.io/gogs
osv·2021-06-29
CVE-2014-8681 [MEDIUM] SQL Injection in gogs.io/gogs
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.
GHSA
SQL Injection in gogs.io/gogs
ghsa·2021-06-29
CVE-2014-8681 [MEDIUM] CWE-89 SQL Injection in gogs.io/gogs
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.
OSV
SQL Injection in github.com/gogits/gogs
osv·2021-04-14
CVE-2014-8681 SQL Injection in github.com/gogits/gogs
Due to improper sanitization of user input, a number of methods are vulnerable to SQL injection if used with user input that has not been sanitized by the caller.
http://gogs.io/docs/intro/change_log.html
http://packetstormsecurity.com/files/129116/Gogs-Label-Search-Blind-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Nov/31
http://www.exploit-db.com/exploits/35237
https://exchange.xforce.ibmcloud.com/vulnerabilities/98695
https://github.com/gogits/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8
Published: 2014-11-21