Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-8682SQL Injection in Gogs

CWE-89SQL Injection7 documents6 sources
Severity
7.5HIGHNVD
EPSS
76.9%
top 1.04%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Gogs.io GogsGogits Gogs
Timeline
PublishedNov 21
Latest updateAug 21

Description

Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Gogogs.io/gogs0.3.10.5.8
NVDgogits/gogs0.5.5+5

🔴Vulnerability Details

3
OSV
SQL Injection in Gogs in gogs.io/gogs2024-08-21
GHSA
SQL Injection in Gogs2021-06-29
OSV
SQL Injection in Gogs2021-06-29

💥Exploits & PoCs

2
Exploit-DB
Gogs - 'users'/'repos' '?q' SQL Injection2014-11-14
Nuclei
Gogs (Go Git Service) - SQL Injection

🕵️Threat Intelligence

1
Greynoiseio
NoiseLetter September 2025