
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload, an attacker can inject arbitrary SQL queries to be executed. Since this is a blind SQL injection, an attacker may need to use time-based payloads, which include a function that delays execution for a given number of seconds; the response time then indicates whether the result of the query was true or false.
References: https://github.com/nocodb/nocodb/security/advisories/GHSA-3m5q-q39v-xf8f
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.
References: https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2 ; https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0
Weakness: CWE-20: Improper Input Validation

CVSS: 7.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Allocation of Resources Without Limits or Throttling (denial of service) in GitHub repository nocodb/nocodb prior to 0.92.0.
References: https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95 ; https://huntr.dev/bounties/94639d8e-8301-4432-ab80-e76e1346e631
Weakness: CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

With this SSRF vulnerability, an attacker can reach internal addresses, make a request as the server, and read its contents. This attack can lead to a leak of sensitive information.
References: https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95 ; https://huntr.dev/bounties/fff06de8-2a82-49b1-8e81-968731e87eef
Weakness: CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 7.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+.
References: https://github.com/nocodb/nocodb/commit/362f8f0869989bc13bdcd66c6fc9c86ac79b9992 ; https://huntr.dev/bounties/2615adf2-ff40-4623-97fb-2e4a3800202a
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')