Metacat
Unauthenticated SQL injection in NCEAS Metacat 2.0.0 through pre-3.0.0 allows remote attackers to read, modify, and execute arbitrary statements against the PostgreSQL backend by sending crafted parameters to the /harvesterRegistration endpoint. The flaw stems from string-concatenated INSERTs in HarvesterRegistration.dbInsert() combined with a missing LDAP identity check; because the backend permits stacked queries via Statement.executeUpdate(), the injection escalates to full database compromise. No public exploit had been identified at the time of analysis, but the CVSS 9.8 vector and the trivial trigger via three reachable parameters (unit, contactEmail, documentListURL) make exploitation straightforward once the endpoint is reachable.
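A hardened form of the insert pattern this entry describes, as an added example that is not Metacat's own code or its actual fix: it requires a verified identity before writing and binds the three request parameters through a PreparedStatement instead of concatenating them. The class, table and column names, the allowed `unit` values and the validation rules are assumptions; only the parameter names come from the entry.

```java
import java.net.URI;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Set;
import java.util.regex.Pattern;

/** Added example. Class, table and column names are hypothetical, not Metacat's. */
public final class SafeHarvesterInsert {
    // Assumed allow-list for the "unit" parameter.
    private static final Set<String> UNITS = Set.of("days", "weeks", "months");
    private static final Pattern EMAIL =
        Pattern.compile("[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}");

    /** Inserts one registration row; returns the affected row count. */
    public static int insert(Connection conn, String authenticatedDn, String unit,
            String contactEmail, String documentListURL) throws SQLException {
        // Restores the missing identity check: the DN must come from a verified
        // login (for example the server-side session), never from the request.
        if (authenticatedDn == null || authenticatedDn.isBlank()) {
            throw new SecurityException("authenticated identity required");
        }
        validate(unit, contactEmail, documentListURL);
        String sql = "INSERT INTO example_harvest_registration "
            + "(ldap_dn, unit, contact_email, document_list_url) VALUES (?, ?, ?, ?)";
        // Bound parameters are handled as values. Unlike input concatenated into
        // the SQL text, they cannot close the statement or start a second one.
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, authenticatedDn);
            ps.setString(2, unit);
            ps.setString(3, contactEmail);
            ps.setString(4, documentListURL);
            return ps.executeUpdate();
        }
    }

    /** Defence in depth: reject values outside the expected shape before the query. */
    static void validate(String unit, String contactEmail, String documentListURL) {
        if (unit == null || !UNITS.contains(unit)) throw new IllegalArgumentException("unit");
        if (contactEmail == null || !EMAIL.matcher(contactEmail).matches())
            throw new IllegalArgumentException("contactEmail");
        URI uri;
        try { uri = URI.create(String.valueOf(documentListURL)); }
        catch (IllegalArgumentException e) { throw new IllegalArgumentException("documentListURL"); }
        String scheme = uri.getScheme();
        if (uri.getHost() == null || scheme == null || !scheme.matches("(?i)https?"))
            throw new IllegalArgumentException("documentListURL");
    }
}
```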