Attacker Value
Moderate
(1 user assessed)
Exploitability
Low
(1 user assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Local
0

CVE-2019-7548

Disclosure Date: February 06, 2019
CVE-2019-7548 CVSS v3 Base Score: 7.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

Add Assessment

1
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Low
Common in enterpriseGives privileged access
Technical Analysis

SQLAlchemy is one of the most popular ORMs for Python / SQL Database interaction. It is heavily used in python web applications with frameworks like Flask and Django.

ORMS are heavily used as they prevent the need for raw queries, which also adds input sanitization as part of its process.

This specific exploit would allow SQL Injection if an attacker can control the input sent to group_by as this field was not being filtered. This could resutl in full DB compromise including the compromise of credentials.

Whilst the use of SQLAlchemy is fairly common the specific requirements around the version and the group_by parameter being accessible to an end-user may not be as common.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • debian,
  • opensuse,
  • oracle,
  • redhat,
  • sqlalchemy

Products

  • backports sle 15.0,
  • communications operations monitor 4.2,
  • communications operations monitor 4.3,
  • debian linux 8.0,
  • debian linux 9.0,
  • enterprise linux 8.0,
  • enterprise linux eus 8.1,
  • enterprise linux eus 8.2,
  • enterprise linux eus 8.4,
  • enterprise linux server aus 8.2,
  • enterprise linux server aus 8.4,
  • enterprise linux server tus 8.2,
  • enterprise linux server tus 8.4,
  • leap 15.0,
  • leap 15.1,
  • sqlalchemy 1.2.17
Technical Analysis