SQL Injection Vulnerabilities in SQLAlchemy Affecting Keystone
CVE-2012-0805

Currently unrated

Key Information:

Vendor: SQLAlchemy

CVE Published: 5 June 2012

What is CVE-2012-0805?

Multiple SQL injection vulnerabilities exist in SQLAlchemy versions prior to 0.7.0b4, as used in Keystone. They permit remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keywords passed to the select function. Other unspecified vectors in the (3) select.limit or (4) select.offset functions pose the same risk, allowing unvalidated input to compromise database integrity.
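The following added example illustrates this class of flaw and a hardened counterpart; it is not SQLAlchemy or Keystone code. It uses Python's built-in sqlite3 module, and the table, data and function names are hypothetical. The unsafe helper pastes limit and offset into the SQL text, while the safe helper coerces both to non-negative integers and binds them as parameters.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("bob",), ("carol",), ("dave",)])
    return db

def page_unsafe(db, limit, offset):
    # Vulnerable pattern: limit/offset become part of the statement text,
    # so a string value can rewrite the clause instead of being a number.
    sql = f"SELECT name FROM users ORDER BY id LIMIT {limit} OFFSET {offset}"
    return [row[0] for row in db.execute(sql)]

def as_int(value, name):
    # Accept ints and plain ASCII decimal strings only; reject the rest.
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        raise ValueError(f"{name} must be an integer")
    text = str(value).strip()
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"{name} must be a non-negative integer: {value!r}")
    return int(text)

def page_safe(db, limit, offset):
    # Hardened pattern: coerce first, then pass the values as bound
    # parameters so they can never be parsed as SQL.
    params = (as_int(limit, "limit"), as_int(offset, "offset"))
    sql = "SELECT name FROM users ORDER BY id LIMIT ? OFFSET ?"
    return [row[0] for row in db.execute(sql, params)]

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OFFSET 2 --"   # constructed non-numeric limit value
    print("unsafe, numeric :", page_unsafe(db, 2, 0))
    print("unsafe, crafted :", page_unsafe(db, crafted, 0))
    print("safe, numeric   :", page_safe(db, "2", "1"))
    try:
        page_safe(db, crafted, 0)
    except ValueError as exc:
        print("safe, crafted   : rejected:", exc)
```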
