cbcvebase.
CVE-2014-8681
published 2014-11-21

CVE-2014-8681: SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows…

PriorityP350high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
4.58%
90.4th percentile
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.

Affected

9 ranges
VendorProductVersion rangeFixed in
github.comgogits_gogs>= 0 < 0.5.80.5.8
github.comgogits_gogs>= 0.3.1 < 0.5.80.5.8
gogitsgogs<= 0.5.5
gogitsgogs
gogitsgogs
gogitsgogs
gogitsgogs
gogitsgogs
gogs.iogogs>= 0.3.1 < 0.5.80.5.8
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.