RCE attacks possible with Gentoo Soko SQL flaws

29 June 2023

Attackers could leverage a pair of already addressed SQL injection flaws in Gentoo Soko, a Go module deployed on the Gentoo Linux infrastructure, to facilitate remote code execution attacks that could lead to sensitive data exposure, reports The Hacker News. Such vulnerabilities, tracked as CVE-2023-28424, stemmed from a database misconfiguration and was not prevented by an Object-Relational Mapping library and prepared statements, according to SonarSource researcher Thomas Chauchefoin.

Source: SC Magazine

Date:

29 June 2023

Categorie(s):

NEWS

Tag(s):

Databases, Gentoo, IT, News, SQL

AppOmni introduces ZTPM for enhanced cisibility in SaaS security8 May 2024
Combatting Deepfakes in Australia: Content Credentials is the Start8 May 2024
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)8 May 2024
Eclypsium offers protection for GenAI hardware infrastructure8 May 2024
Hackers Actively Exploiting Ivanti Pulse Secure Vulnerabilities8 May 2024