Source Code Audit

intelligence gathering

Open Source Software Grafana Platform SQL Injection High Risk Vulnerability

An injection vulnerability exists in the open source software grafana, where an attacker can use a post request to the /api/ds/query api, and then they can modify the "rawSql" file to execute a malicious sql string, resulting in a blind time-based sql injection vulnerability that poses the threat of a database compromise.

xbear
April 23, 2024
04.1K00