CVE-2026-29953

| EUVD-2026-17131 HIGH
2026-03-30 [email protected] GHSA-wfp6-2cvw-9pcm
7.4
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 30, 2026 - 16:22 vuln.today
EUVD ID Assigned
Mar 30, 2026 - 16:22 euvd
EUVD-2026-17131
CVE Published
Mar 30, 2026 - 16:16 nvd
HIGH 7.4

Tags

SQLi PostgreSQL

Description

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go.

Analysis

SQL injection in SchemaHero 0.23.0 allows remote attackers to execute arbitrary SQL commands through the column parameter in the columnAsInsert function within the PostgreSQL plugin, potentially compromising database integrity and confidentiality. Public exploit documentation is available, indicating proof-of-concept code exists. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

37
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +37
POC: 0

Share

CVE-2026-29953 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy