CVE-2025-24787

{"id": "CVE-2025-24787", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-02-06T19:15:20.213", "references": [{"url": "https://github.com/clidey/whodb/security/advisories/GHSA-c7w4-9wv8-7x7c", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/go-sql-driver/mysql/blob/7403860363ca112af503b4612568c3096fecb466/infile.go#L128", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/clidey/whodb/security/advisories/GHSA-c7w4-9wv8-7x7c", "tags": ["Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-943"}]}], "descriptions": [{"lang": "en", "value": "WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build database connection URIs which are then passed to corresponding libraries responsible for setting up the database connections. This string concatenation is done unsafely and without escaping or encoding the user input. This allows an user, in many cases, to inject arbitrary parameters into the URI string. These parameters can be potentially dangerous depending on the libraries used. One of these dangerous parameters is `allowAllFiles` in the library `github.com/go-sql-driver/mysql`. Should this be set to `true`, the library enables running the `LOAD DATA LOCAL INFILE` query on any file on the host machine (in this case, the machine that WhoDB is running on). By injecting `&allowAllFiles=true` into the connection URI and connecting to any MySQL server (such as an attacker-controlled one), the attacker is able to read local files. This issue has been addressed in version 0.45.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "WhoDB es una herramienta de gesti\u00f3n de bases de datos de c\u00f3digo abierto. En las versiones afectadas, la aplicaci\u00f3n es vulnerable a la inyecci\u00f3n de par\u00e1metros en las cadenas de conexi\u00f3n de la base de datos, lo que permite a un atacante leer archivos locales en la m\u00e1quina en la que se ejecuta la aplicaci\u00f3n. La aplicaci\u00f3n utiliza la concatenaci\u00f3n de cadenas para crear las URI de conexi\u00f3n a la base de datos que luego se pasan a las librer\u00edas correspondientes responsables de configurar las conexiones a la base de datos. Esta concatenaci\u00f3n de cadenas se realiza de forma insegura y sin escapar ni codificar la entrada del usuario. Esto permite a un usuario, en muchos casos, inyectar par\u00e1metros arbitrarios en la cadena URI. Estos par\u00e1metros pueden ser potencialmente peligrosos seg\u00fan las librer\u00edas utilizadas. Uno de estos par\u00e1metros peligrosos es `allowAllFiles` en la librer\u00eda `github.com/go-sql-driver/mysql`. Si se establece en `true`, la librer\u00eda permite ejecutar la consulta `LOAD DATA LOCAL INFILE` en cualquier archivo en la m\u00e1quina host (en este caso, la m\u00e1quina en la que se ejecuta WhoDB). Al inyectar `&allowAllFiles=true` en la URI de conexi\u00f3n y conectarse a cualquier servidor MySQL (como uno controlado por el atacante), el atacante puede leer archivos locales. Este problema se ha solucionado en la versi\u00f3n 0.45.0 y se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2025-12-31T14:19:58.163", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:clidey:whodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BCBFAAE-CA04-4716-95FD-0813F3461084", "versionEndExcluding": "0.45.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}