Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go.
AnalysisAI
SQL injection in SchemaHero 0.23.0 allows remote attackers to execute arbitrary SQL commands through the column parameter in the mysqlColumnAsInsert function located in plugins/mysql/lib/column.go. The vulnerability affects the MySQL plugin component and enables attackers to manipulate database queries, potentially leading to unauthorized data access, modification, or deletion. Public proof-of-concept code is available, and CVSS/EPSS data are not yet assigned by NVD.
Technical ContextAI
SchemaHero is a Kubernetes-native schema management tool that uses database-specific plugins to handle schema migrations. The MySQL plugin contains a function (mysqlColumnAsInsert) that processes column definitions for INSERT statement generation. The SQL injection flaw exists in how the column parameter is handled without sufficient input validation or parameterized query use, allowing attacker-controlled input to be directly concatenated into SQL queries. This is a classic CWE-89 (SQL Injection) where user-supplied data reaches the SQL query execution context without proper escaping or prepared statement mechanisms.
RemediationAI
Upgrade SchemaHero immediately to a patched version released after 0.23.0; check the official SchemaHero GitHub repository (https://github.com/schemahero/schemahero) for the next available release with SQL injection fixes applied to plugins/mysql/lib/column.go. Until patching is possible, restrict network access to SchemaHero APIs and CLI endpoints to trusted administrative networks only, and avoid using SchemaHero 0.23.0 for any new schema migrations. Review the proof-of-concept documentation at https://github.com/b0b0haha/SchemaHero--Sqlinjection/blob/main/README.md to understand the attack surface and validate whether your deployment is exposed.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17137