1. CVE-Search
  2. CVE-2022-46908
ID CVE-2022-46908
Summary SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
References
Vulnerable Configurations
  • cpe:2.3:a:sqlite:sqlite:3.37.0:*:*:*:*:*:*:*
    cpe:2.3:a:sqlite:sqlite:3.37.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sqlite:sqlite:3.37.1:*:*:*:*:*:*:*
    cpe:2.3:a:sqlite:sqlite:3.37.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sqlite:sqlite:3.37.2:*:*:*:*:*:*:*
    cpe:2.3:a:sqlite:sqlite:3.37.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sqlite:sqlite:3.38.0:*:*:*:*:*:*:*
    cpe:2.3:a:sqlite:sqlite:3.38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sqlite:sqlite:3.38.1:*:*:*:*:*:*:*
    cpe:2.3:a:sqlite:sqlite:3.38.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sqlite:sqlite:3.38.2:*:*:*:*:*:*:*
    cpe:2.3:a:sqlite:sqlite:3.38.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sqlite:sqlite:3.38.3:*:*:*:*:*:*:*
    cpe:2.3:a:sqlite:sqlite:3.38.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sqlite:sqlite:3.38.4:*:*:*:*:*:*:*
    cpe:2.3:a:sqlite:sqlite:3.38.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sqlite:sqlite:3.38.5:*:*:*:*:*:*:*
    cpe:2.3:a:sqlite:sqlite:3.38.5:*:*:*:*:*:*:*
  • cpe:2.3:a:sqlite:sqlite:3.39.0:*:*:*:*:*:*:*
    cpe:2.3:a:sqlite:sqlite:3.39.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sqlite:sqlite:3.39.1:*:*:*:*:*:*:*
    cpe:2.3:a:sqlite:sqlite:3.39.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sqlite:sqlite:3.39.2:*:*:*:*:*:*:*
    cpe:2.3:a:sqlite:sqlite:3.39.2:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 07-03-2023 - 18:21
Published 12-12-2022 - 06:15
Last modified 07-03-2023 - 18:21
Back to Top