VYPR
Critical severity9.1NVD Advisory· Published Aug 1, 2018· Updated Jun 17, 2026

CVE-2016-8640

CVE-2016-8640

Description

A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pycswPyPI
>= 2.0.0, < 2.0.22.0.2
pycswPyPI
< 1.8.61.8.6
pycswPyPI
>= 1.10.0, < 1.10.51.10.5

Affected products

2
  • ghsa-coords
    Range: >= 2.0.0, < 2.0.2
  • https://github.com/geopython/pycswv5
    Range: all versions before 2.0.2, 1.10.5 and 1.8.6

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.