NVD

Id
35669  
Name
CVE-2014-8681  
Description
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-11-21  
Modified Date
2014-11-24  
Seq
2014-8681  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
182679 35669 CVE-2014-8681 http://gogs.io/docs/intro/change_log.html  View
182680 35669 CVE-2014-8681 http://packetstormsecurity.com/files/129116/Gogs-Label-Search-Blind-SQL-Injection.html  View
182681 35669 CVE-2014-8681 20141114 CVE-2014-8681 Blind SQL Injection in Gogs label search  View
182682 35669 CVE-2014-8681 35237  View
182683 35669 CVE-2014-8681 gogs-cve20148681-sql-injection(98695)  View
182684 35669 CVE-2014-8681 https://github.com/gogits/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16704 JVNDB-2014-005579 Gogs の models/issue.go の GetIssues 関数における SQL インジェクションの脆弱性 Gogs (別名 Go Git Service) の models/issue.go の GetIssues 関数には、SQL インジェクションの脆弱性が存在します。 CVE-2014-8681 75974 CVE-2014-8681 35669 7.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005579.html 2014-11-19 2014-11-25 View