Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-28424

Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.8%
CVSS Severity
CVSS v3 Score 9.1
Products affected by CVE-2023-28424
  • Gentoo » Soko » Version: 0.1.11
    cpe:2.3:a:gentoo:soko:0.1.11
  • Gentoo » Soko » Version: 0.1.12
    cpe:2.3:a:gentoo:soko:0.1.12
  • Gentoo » Soko » Version: 0.1.13
    cpe:2.3:a:gentoo:soko:0.1.13
  • Gentoo » Soko » Version: 0.1.14
    cpe:2.3:a:gentoo:soko:0.1.14
  • Gentoo » Soko » Version: 0.1.15
    cpe:2.3:a:gentoo:soko:0.1.15
  • Gentoo » Soko » Version: 0.1.16
    cpe:2.3:a:gentoo:soko:0.1.16
  • Gentoo » Soko » Version: 0.1.17
    cpe:2.3:a:gentoo:soko:0.1.17
  • Gentoo » Soko » Version: 0.1.18
    cpe:2.3:a:gentoo:soko:0.1.18
  • Gentoo » Soko » Version: 0.1.19
    cpe:2.3:a:gentoo:soko:0.1.19
  • Gentoo » Soko » Version: 0.1.20
    cpe:2.3:a:gentoo:soko:0.1.20
  • Gentoo » Soko » Version: 0.1.21
    cpe:2.3:a:gentoo:soko:0.1.21
  • Gentoo » Soko » Version: 0.1.22
    cpe:2.3:a:gentoo:soko:0.1.22
  • Gentoo » Soko » Version: 0.1.23
    cpe:2.3:a:gentoo:soko:0.1.23
  • Gentoo » Soko » Version: 0.2.0
    cpe:2.3:a:gentoo:soko:0.2.0
  • Gentoo » Soko » Version: 0.2.2
    cpe:2.3:a:gentoo:soko:0.2.2
  • Gentoo » Soko » Version: 0.2.3
    cpe:2.3:a:gentoo:soko:0.2.3
  • Gentoo » Soko » Version: 0.2.4
    cpe:2.3:a:gentoo:soko:0.2.4
  • Gentoo » Soko » Version: 0.2.5
    cpe:2.3:a:gentoo:soko:0.2.5
  • Gentoo » Soko » Version: 0.2.6
    cpe:2.3:a:gentoo:soko:0.2.6
  • Gentoo » Soko » Version: 1.0.1
    cpe:2.3:a:gentoo:soko:1.0.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved