AIKIDO-2024-10340
mysql-connector-python is vulnerable to SQL Injection
60
Medium
mysql-connector-python python
AIKIDO-2024-10340: mysql-connector-python is vulnerable to SQL Injection in versions 8.3.0 - 9.0.0.
SQL Injection
Vuln in 8.3.0 - 9.0.0
Fixed in 9.1.0
No CVE available
TL;DR
Affected versions of the package are vulnerable to a potential SQL Injection. Malicious strings can be injected when utilizing dictionary-based query parameterization via the 'cursor.execute()' API command and the C-based implementation of the connector.
Who does this affect?
You're affected if you are using a version which is within vulnerability ranges.
How can it be fixed?
Upgrade mysql-connector-python library to patch version.
Background info
Don’t be left in the dark
With in-house intel and access to top vulnerability databases, see it all with Aikido.
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US