CRITICAL🇵🇱 Wersja polska

CVE-2025-66944

CVSS 9.8v3.1pub. 2026-03-04upd. 2026-03-09

SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint

🤖 AI Analysis
How it works

The vulnerability occurs in the query parameter of the search API endpoint in the Databasir application. An attacker can submit a specially crafted HTTP request containing a malicious SQL payload that is not properly filtered or parameterized by the application. This results in the execution of untrusted SQL code on the database server, and consequently the ability to execute arbitrary code at the operating system level (RCE).

Impact

An attacker can take full control of the database (read, modify, delete data) and potentially execute arbitrary code on the server, leading to complete compromise of system confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the vendor according to references. It is recommended to monitor the project repository (https://github.com/vran-dev/databasir/issues/283) for information about available fixes. Until the patch is installed, consider restricting access to the search API endpoint to trusted IP addresses at the firewall level.

Who is affected

Databasir (vran-dev) version 1.0.7 and all earlier versions

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Databasir

    APP
    Databasir
    ≤ 1.0.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCESQLi
CWE
References

Related vulnerabilities

CVE-2023-27821CRITICAL9.8ten sam produkt

Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript ...

CVE-2022-24861CRITICAL9.9ten sam produkt

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote...

CVE-2022-31196HIGH7.6ten sam produkt

Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF)...