Skip to main content

Schemahero

1 CVEs product

Monthly

CVE-2026-33643 HIGH This Week

SQL injection in SchemaHero 0.23.0 allows remote attackers to execute arbitrary SQL commands through the column parameter in the mysqlColumnAsInsert function located in plugins/mysql/lib/column.go. The vulnerability affects the MySQL plugin component and enables attackers to manipulate database queries, potentially leading to unauthorized data access, modification, or deletion. Public proof-of-concept code is available, and CVSS/EPSS data are not yet assigned by NVD.

SQLi Schemahero
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
EPSS 0% CVSS 7.4
HIGH This Week

SQL injection in SchemaHero 0.23.0 allows remote attackers to execute arbitrary SQL commands through the column parameter in the mysqlColumnAsInsert function located in plugins/mysql/lib/column.go. The vulnerability affects the MySQL plugin component and enables attackers to manipulate database queries, potentially leading to unauthorized data access, modification, or deletion. Public proof-of-concept code is available, and CVSS/EPSS data are not yet assigned by NVD.

SQLi Schemahero
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy