SQLAlchemy 'limit' and 'offset' Parameters SQL Injection Vulnerabilities

Bugtraq ID: 52330
Class: Input Validation Error
CVE: CVE-2012-0805
Remote: Yes
Local: No
Published: Jan 19 2012 12:00AM
Updated: Apr 13 2015 10:06PM
Credit: Thierry Carrez
Vulnerable: SQLAlchemy SQLAlchemy 0.7.0
    SQLAlchemy SQLAlchemy 0.6.8
    SQLAlchemy SQLAlchemy 0.6.7
    Redhat Enterprise Linux Workstation 6
    Redhat Enterprise Linux Server 6
    Oracle Enterprise Linux 6.2
    Oracle Enterprise Linux 6
    Mandriva Linux Mandrake 2011 x86_64
    Mandriva Linux Mandrake 2011
    MandrakeSoft Enterprise Server 5 x86_64
    MandrakeSoft Enterprise Server 5
    Gentoo Linux
    Debian Linux 6.0 sparc
    Debian Linux 6.0 s/390
    Debian Linux 6.0 powerpc
    Debian Linux 6.0 mips
    Debian Linux 6.0 ia-64
    Debian Linux 6.0 ia-32
    Debian Linux 6.0 arm
    Debian Linux 6.0 amd64
Not Vulnerable: SQLAlchemy SQLAlchemy 0.7.0b

Copyright 2010, SecurityFocus