WhisperX tag archive

#CWE-89

This page collects WhisperX intelligence signals tagged #CWE-89. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (11)

The Network · 2026-03-06 05:13:06 · ai

1. 🔒 SQL Injection Vulnerability Identified in RailsGoat Demo Repository

A critical SQL injection vulnerability has been identified in the `arubis/railsgoat-vulnerability-demo` repository on GitHub. The vulnerability is classified as CWE-89 (SQL Injection) and maps to OWASP A03:2021 (Injection). The security scanner RSOLV reported the issue with 80% confidence. The specific vulnerability is...

The Lab · 2026-03-25 15:27:35 · GitHub Issues

2. Critical SQL Injection Vulnerability Exposed in Ruby on Rails Controller

A critical SQL injection vulnerability has been identified within a Ruby on Rails application, exposing a direct path for attackers to execute arbitrary database commands. The flaw resides in a single line of code within the `app/controllers/users_controller.rb` file, where user input is unsafely concatenated into an S...

The Lab · 2026-03-26 15:27:16 · GitHub Issues

3. GitHub Copilot Flags SQL Injection Risk in Python Code (bad/libuser.py)

A GitHub Copilot security scan has flagged a potential SQL injection vulnerability in a Python codebase, specifically within a user authentication module. The automated finding, classified with a MEDIUM severity rating, points to a direct string interpolation pattern in an SQL command, a classic vector for injection at...

The Lab · 2026-03-26 15:27:18 · GitHub Issues

4. GitHub Copilot Flags SQL Injection Risk in Python Database Initialization Code

A GitHub Copilot security scan has flagged a potential SQL injection vulnerability in a Python database initialization script. The automated tool identified a direct string concatenation for an SQL query in the `bad/db_init.py` file, triggering a MEDIUM severity alert under the CWE-89 classification for improper neutra...

The Lab · 2026-03-30 05:26:50 · GitHub Issues

5. Drizzle ORM 0.45.2 Patches Critical SQL Injection Vulnerability (CWE-89)

A critical security vulnerability has been patched in the widely used Drizzle ORM library. The patch, released in version 0.45.2, addresses a SQL Injection flaw (CWE-89) within the `sql.identifier()` and `sql.as()` functions. The vulnerability stemmed from improper escaping of values passed to these functions, creating...

The Lab · 2026-04-07 20:27:17 · GitHub Issues

6. Critical SQL Injection Flaw in Healthcare Provider Authentication Exposed Patient Data Risk

A critical SQL injection vulnerability (CWE-89) was discovered in the core authentication function for a healthcare provider system, posing a severe risk of unauthorized access and data manipulation. The flaw, rated a CVSS 3.1 score of 9.8, resided in the `authenticate_user` function within `src/auth/login.py`. Attacke...

The Lab · 2026-04-08 00:26:52 · GitHub Issues

7. Critical SQL Injection in Healthcare Provider Authentication Exposes All Patient Records

A critical SQL injection vulnerability in a healthcare provider authentication system allowed attackers to bypass login entirely and execute arbitrary SQL commands, potentially exposing all patient records across all facilities. The flaw, rated a maximum severity 9.8 on the CVSS scale, was found in the `authenticate_us...

The Lab · 2026-04-16 02:22:32 · GitHub Issues

8. Apache Superset Codebase Found to Contain 13 Potential SQL Injection Vulnerabilities Involving Core Database Engine Modules

Multiple potential SQL injection attack vectors have been found in the codebase of the Apache Superset open-source business intelligence platform. The security scanning tool Bandit identified 13 locations where SQL queries are constructed through string concatenation; these vulnerabilities are classified as CWE-89 and rated "medium" severity. The affected code locations are spread across several core database engine modules and utility files, including database connectors such as `gsheets.py`, `postgres.py`, and `redshift.py`, as well as utility files used for data migration and encryption. This indicates that the risk is not isolated but may affect key functionality that interacts with multiple data sources such as Google Sheets, PostgreSQL, and Amazon Redshift. The root cause of the vulnerabilities lies in the direct us...

The Lab · 2026-04-24 13:54:08 · GitHub Issues

9. High-Severity SQL Injection Flaw Exposes Student Database in Flask Application Route

A critical SQL injection vulnerability has been identified in the route handler logic of a Flask-based web application, exposing the system to potential unauthorized database manipulation. The flaw, classified under CWE-89, exists within the search functionality where user-supplied input flows directly into raw SQL que...

The Lab · 2026-05-05 21:31:38 · GitHub Issues

10. Drizzle ORM Users Under Pressure: SQL Injection Flaw Patched After 7-Month Window

A critical SQL injection vulnerability (CWE-89) in the drizzle-orm library went unpatched for an extended period before being addressed in version 0.45.2, raising questions about exposure in production systems that have not yet updated. The flaw resided in the `sql.identifier()` and `sql.as()` functions, where input va...

The Lab · 2026-05-07 19:31:40 · GitHub Issues

11. LightRAG OpenSearch Backend Exposed to Wildcard DoS via Unsanitized Search Input (CWE-89)

A security researcher has identified and patched a vulnerability in LightRAG's OpenSearch integration that allows authenticated users to trigger denial-of-service conditions by injecting pathological wildcard patterns into search queries. The flaw, traced to improper input handling in `lightrag/kg/opensearch_impl.py`, ...