The Hacker News

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution

By Ravie Lakshmanan - June 28th 2023 at 07:24
Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. "These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements," SonarSource researcher Thomas Chauchefoin said, adding they could result in RCE on Soko because of a "misconfiguration of the database."