mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-30 00:40:29 +02:00
862 B
862 B
CVE-2014-8681
Description
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.
POC
Reference
- http://packetstormsecurity.com/files/129116/Gogs-Label-Search-Blind-SQL-Injection.html
- http://seclists.org/fulldisclosure/2014/Nov/31
- http://www.exploit-db.com/exploits/35237
Github
No PoCs found on GitHub currently.