Vulnerability Details CVE-2018-17232
SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute().
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-17232
-
cpe:2.3:a:slack_archivebot_project:slack_archivebot:2017-01-21
-
cpe:2.3:a:slack_archivebot_project:slack_archivebot:2017-01-23
-
cpe:2.3:a:slack_archivebot_project:slack_archivebot:2017-01-27
-
cpe:2.3:a:slack_archivebot_project:slack_archivebot:2017-04-13
-
cpe:2.3:a:slack_archivebot_project:slack_archivebot:2017-04-15
-
cpe:2.3:a:slack_archivebot_project:slack_archivebot:2017-05-09
-
cpe:2.3:a:slack_archivebot_project:slack_archivebot:2017-05-16
-
cpe:2.3:a:slack_archivebot_project:slack_archivebot:2017-05-22
-
cpe:2.3:a:slack_archivebot_project:slack_archivebot:2017-05-27
-
cpe:2.3:a:slack_archivebot_project:slack_archivebot:2017-05-29
-
cpe:2.3:a:slack_archivebot_project:slack_archivebot:2017-11-20
-
cpe:2.3:a:slack_archivebot_project:slack_archivebot:2018-09-01