Skip to main content

Archery

16 CVEs product

Monthly

CVE-2023-48053 HIGH This Week

Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Archery
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-30605 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30558 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30557 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30556 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30555 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30554 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30553 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30552 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-38542 CRITICAL Act Now

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38541 CRITICAL POC Act Now

Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38540 CRITICAL Act Now

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38539 CRITICAL Act Now

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38538 CRITICAL Act Now

Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38537 CRITICAL Act Now

Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2019-20008 PyPI MEDIUM POC PATCH This Month

In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Archery
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
EPSS 0% CVSS 7.5
HIGH This Week

Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Archery
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Archery
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Archery
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Archery
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy