CVE-2016-1669 An issue was discovered in Dataiku, a software as a service data management tool. It is caused by a SQL injection in the search functionality, which allows attackers to execute arbitrary SQL queries.
CVE-2017-3233 An issue was discovered in Dataiku, a software as a service data management tool. It is caused by a SQL injection in the search functionality, which allows attackers to execute arbitrary SQL queries.
CVE-2017-3234 An issue was discovered in Dataiku, a software as a service data management tool. It is caused by a SQL injection in the search functionality, which allows attackers to execute arbitrary SQL queries.
CVE-2017-3235 An issue was discovered in Dataiku, a software as a service data management tool. It is caused by a SQL injection in the search functionality, which allows attackers to execute arbitrary SQL queries.
CVE-2017-3236 An issue was discovered in Dataiku, a software as a service data management tool. It is caused by a SQL injection in the search functionality, which allows attackers to execute arbitrary SQL queries.
CVE-2017-3237 An issue was discovered in Dataiku, a software as a service data management tool. It is caused by a SQL injection in the search functionality, which allows attackers to execute arbitrary SQL queries.
CVE-2017-3238 An issue was discovered in Dataiku, a software as a service data management tool. It
Description
As software as a service (Saas) offerings continue to grow in popularity, there are more and more risks associated with their use. This is due to the increasingly complex nature of the software and data that powers these offerings.
Dataiku has recently discovered three new vulnerabilities on its service, which could have serious consequences for users. All three vulnerabilities were discovered by a researcher who goes by the name "n0v4". In total, these vulnerabilities affect Dataiku's search functionality and could allow attackers to access sensitive information from your account.
A vulnerability was found in Dataiku's search function that allows attackers to execute arbitrary SQL queries. The vulnerability exists because the application doesn't properly sanitize user input when passing it through SQL queries. This allows an attacker to run arbitrary code on behalf of the logged-in user. Because of this, an attacker could gain access to personal data or view sensitive content such as passwords or credit card numbers.
Timeline
Published on: 09/22/2022 18:15:00 UTC
Last modified on: 09/24/2022 02:35:00 UTC
References
- https://gist.github.com/enferas/85cdbadf5cba32ec7c8db6ea9e6833bf
- https://github.com/icecoder/ICEcoder/blob/master/classes/Settings.php
- http://icecoder.com
- https://github.com/icecoder/ICEcoder/blob/master/lib/settings.php
- https://github.com/icecoder/ICEcoder
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34026