CVSS: 9.8 • EPSS: 1% • CPEs: 18 • EXPL: 1

20 Feb 2019 — SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. SQLAlche... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 16 • EXPL: 1

06 Feb 2019 — SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. SQLAlchemy is an Object Relational Mapper that provides a... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')