With a carefully crafted web request, it's possible to execute certain unwanted SQL statements against the database.
Anyone running the impacted versions (<=6.1.1, 6.2.0, >=7.0.0, <=7.1.1) should upgrade as soon as possible.
The problem has been patched in the following versions: 6.1.2, 6.2.1, and 7.2.0. Users are strongly urged to upgrade to the most recent relevant patch.
There are no workarounds.
https://www.w3schools.com/sql/sql_injection.asp
https://en.wikipedia.org/wiki/SQL_injection
Post any questions to the Arches project forum.
{ "nvd_published_at": "2022-11-11T04:15:00Z", "cwe_ids": [ "CWE-89" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-11-11T00:05:15Z" }