github.com/clidey_whodb_core vulnerabilities
2 known vulnerabilities affecting github.com/clidey_whodb_core.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2025-24786 | P2 | CRITICAL | PoC | ≥ 0, < 0.0.0-20250127172032-547336ac73c8 | 2025-02-06
CVE-2025-24786 [CRITICAL] CWE-22 WhoDB has a path traversal opening Sqlite3 database
### Summary
While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on.
### Details
WhoDB allows users to connect to Sqlite3 databases. By default, the
ghsa, osv
CVE-2025-24787 | P3 | HIGH | ≥ 0, < 0.0.0-20250127202645-8d67b767e005 | 2025-02-06
CVE-2025-24787 [HIGH] CWE-943 WhoDB allows parameter injection in DB connection URIs leading to local file inclusion
### Summary
The application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on.
### Details
The application uses string concatenation to build database connection URIs which are then p
ghsa, osv