GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9047
Reference (s):
- https://github.com/huzr2018/orderby_SQLi/tree/master/gorose
GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9047
Reference (s):