CVE-2019-7164

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sqlalchemy:sqlalchemy:1.3.0:beta1:*:*:*:*:*:*
cpe:2.3:a:sqlalchemy:sqlalchemy:*:*:*:*:*:*:*:*
cpe:2.3:a:sqlalchemy:sqlalchemy:1.3.0:beta2:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*

Information

Published : 2019-02-19 16:29

Updated : 2021-12-03 12:09


NVD link : CVE-2019-7164

Mitre link : CVE-2019-7164


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

redhat

  • enterprise_linux
  • enterprise_linux_server_aus
  • enterprise_linux_server_tus
  • enterprise_linux_eus

opensuse

  • backports_sle
  • leap

sqlalchemy

  • sqlalchemy

oracle

  • communications_operations_monitor

debian

  • debian_linux