https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 25 Jun 2026 21:41:33 +0000 https://vulnerability.circl.lu/sighting/d05b3614-f16a-4425-a3fe-99f5e3e4c2fe/export {"uuid": "d05b3614-f16a-4425-a3fe-99f5e3e4c2fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-52673", "type": "seen", "source": "https://gist.github.com/onehang01/93d233a8aef2fc73294c25db8ca3b424", "content": "# Vulnerability Report: CVE-2026-52673 - CBoard - <=0.4.2 SQL Injection\n\n## Vulnerability Summary\nCboard v.0.4.2 and before contains a SQL Injection vulnerability in the `/cboard/dashboard/getDimensionValues.do` endpoint.\n\n## Vulnerability Details\nThis interface allows users to submit SQL query configurations. During processes including data source testing, field retrieval, dimension value querying, and aggregation querying, the backend directly concatenates SQL statements using user-supplied SQL or column name expressions and executes them via JDBC Statement.executeQuery().\nWithout parameterized queries in place and lacking effective allowlist validation for SQL structures and column name expressions, authenticated attackers can craft malicious SQL to perform arbitrary queries against the backend data source or bypass logical conditions.\nTested endpoint: /cboard/dashboard/getDimensionValues.do\nTest payload (URL-encoded):\ndatasourceId=1&query={\"sql\":\"SELECT 9 AS A\"}&colmunName=A*2\n\nThe backend computes and returns the result 18. This output verifies that the expression A*2 inside the colmunName parameter is concatenated into the final SQL statement and executed by the database, instead of being treated as a plain string. Attackers can abuse this vulnerability to extract sensitive data stored in the database.", "creation_timestamp": "2026-06-18T16:31:13.000000Z"} {"uuid": "d05b3614-f16a-4425-a3fe-99f5e3e4c2fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-52673", "type": "seen", "source": "https://gist.github.com/onehang01/93d233a8aef2fc73294c25db8ca3b424", "content": "# Vulnerability Report: CVE-2026-52673 - CBoard - <=0.4.2 SQL Injection\n\n## Vulnerability Summary\nCboard v.0.4.2 and before contains a SQL Injection vulnerability in the `/cboard/dashboard/getDimensionValues.do` endpoint.\n\n## Vulnerability Details\nThis interface allows users to submit SQL query configurations. During processes including data source testing, field retrieval, dimension value querying, and aggregation querying, the backend directly concatenates SQL statements using user-supplied SQL or column name expressions and executes them via JDBC Statement.executeQuery().\nWithout parameterized queries in place and lacking effective allowlist validation for SQL structures and column name expressions, authenticated attackers can craft malicious SQL to perform arbitrary queries against the backend data source or bypass logical conditions.\nTested endpoint: /cboard/dashboard/getDimensionValues.do\nTest payload (URL-encoded):\ndatasourceId=1&query={\"sql\":\"SELECT 9 AS A\"}&colmunName=A*2\n\nThe backend computes and returns the result 18. This output verifies that the expression A*2 inside the colmunName parameter is concatenated into the final SQL statement and executed by the database, instead of being treated as a plain string. Attackers can abuse this vulnerability to extract sensitive data stored in the database.", "creation_timestamp": "2026-06-18T16:31:13.000000Z"} https://vulnerability.circl.lu/sighting/d05b3614-f16a-4425-a3fe-99f5e3e4c2fe/export Thu, 18 Jun 2026 16:31:13 +0000