Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (CPANSec) · only source for this CVE.
CVSS VectorVendor: CPANSec
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile.
When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name.
Any caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands.
The Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=>SPEC):db.
An attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host.
Analysis
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Threat intelligence, references, and detailed analysis are available after sign-in.
Heap out-of-bounds write in the Perl DBI database-interface module before version 1.650 occurs when DBI preparses a SQL
Heap buffer overflow in the Perl DBI module versions before 1.648 occurs when the preparse() function processes SQL stat
Stack-based buffer overflow in Perl DBI module versions prior to 1.648 allows attackers who can influence database error
Incorrect WHERE-clause evaluation in Perl's DBI::SQL::Nano (versions 1.42 up to 1.651) causes text-based '<=' and '>=' c
Out-of-bounds read in the Perl DBI module's preparse() SQL-normalisation routine allows an attacker who controls SQL pas
Out-of-bounds read in the Perl DBI (Database Independent Interface) module before version 1.651 lets a caller trigger a
Memory-exhaustion denial of service in the DBI::ProfileData module (bundled with Perl DBI) before version 1.651 allows a
Same weakness CWE-95 – Eval Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today