CVE-2014-8682 Scanner
Detects the SQL injection (SQLi) vulnerability in Gogs (aka Go Git Service) that affects versions 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta.
Short Info
- Level: High
- Single Scan: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 1 month 2 days
- Scan only one: URL
- Toolbox: -
Gogs (aka Go Git Service) is a self-hosted Git service written in Go that lets users deploy their own Git service. It is designed to provide a fast and lightweight web interface for managing repositories, users, and organizations. With Gogs, users can collaborate with other developers on projects from anywhere in the world and control access to their code. It is a popular solution for managing private Git repositories and is rapidly gaining popularity among developers.
CVE-2014-8682 covers multiple SQL injection vulnerabilities in Gogs 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta. The flaws are in the q parameter to api/v1/repos/search, which is not properly handled in models/repo.go, and to api/v1/users/search, which is not properly handled in models/user.go. They allow remote attackers to execute arbitrary SQL commands and access sensitive information stored in the database.
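The defect class described above, as an added example in Go (not code from Gogs or from this page): a search keyword concatenated into the SQL text, next to a parameterized form that also escapes LIKE wildcards. The table and column names, the function names and the '!' escape character are assumptions for illustration, and the sample keywords are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// unsafeSearchQuery shows the flawed pattern: the keyword becomes part of
// the SQL text, so a quote character in it changes the statement itself.
// Table and column names are hypothetical.
func unsafeSearchQuery(keyword string) string {
	return "SELECT id, name FROM repository WHERE lower_name LIKE '%" +
		strings.ToLower(keyword) + "%'"
}

// safeSearchSQL never changes; the keyword travels only as a bound argument.
// '!' is used as the LIKE escape character because it needs no quoting in
// MySQL, PostgreSQL or SQLite string literals.
const safeSearchSQL = "SELECT id, name FROM repository WHERE lower_name LIKE ? ESCAPE '!'"

// likeEscaper neutralises LIKE metacharacters so the keyword matches literally.
var likeEscaper = strings.NewReplacer("!", "!!", "%", "!%", "_", "!_")

// safeSearchQuery returns the fixed statement and its single argument,
// ready to pass to database/sql as db.Query(query, args...).
func safeSearchQuery(keyword string) (string, []interface{}) {
	pattern := "%" + likeEscaper.Replace(strings.ToLower(keyword)) + "%"
	return safeSearchSQL, []interface{}{pattern}
}

func main() {
	// Constructed sample keywords: plain, containing a quote, containing wildcards.
	for _, kw := range []string{"gogs", "o'neil", "100%_Done"} {
		query, args := safeSearchQuery(kw)
		fmt.Printf("keyword: %q\n", kw)
		fmt.Printf("  concatenated:  %s\n", unsafeSearchQuery(kw))
		fmt.Printf("  parameterized: %s args=%q\n", query, args)
	}
}
```

With the keyword o'neil the concatenated statement ends up with an unbalanced quote, while the parameterized statement is byte-for-byte the same for every keyword.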
Exploitation of the CVE-2014-8682 vulnerability can lead to significant harm to digital assets. By exploiting the vulnerability, attackers can inject malicious SQL commands into the database, thus extracting sensitive data, modifying or deleting existing data, or even gaining unauthorized access to the system. As a result, the availability, confidentiality, and integrity of digital assets can be compromised.
In conclusion, with the pro features of s4e.io, users can easily and quickly learn about vulnerabilities in their digital assets. The platform provides regular updates on CVEs, security news, and best practices to minimize the risk of attacks. By staying up to date with the latest security vulnerabilities and patches, users can stay one step ahead of attackers and ensure the security of their digital assets.
REFERENCES
- http://gogs.io/docs/intro/change_log.html
- http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html
- http://seclists.org/fulldisclosure/2014/Nov/33
- http://www.exploit-db.com/exploits/35238
- http://www.securityfocus.com/archive/1/533995/100/0/threaded
- http://www.securityfocus.com/bid/71187
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98694
- https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d