Critical severity9.1NVD Advisory· Published Aug 1, 2018· Updated Jun 17, 2026
CVE-2016-8640
CVE-2016-8640
Description
A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pycswPyPI | >= 2.0.0, < 2.0.2 | 2.0.2 |
pycswPyPI | < 1.8.6 | 1.8.6 |
pycswPyPI | >= 1.10.0, < 1.10.5 | 1.10.5 |
Affected products
2- https://github.com/geopython/pycswv5Range: all versions before 2.0.2, 1.10.5 and 1.8.6
Patches
Vulnerability mechanics
References
10- seclists.org/oss-sec/2016/q4/406nvdMailing ListPatchThird Party AdvisoryWEB
- github.com/geopython/pycsw/pull/474/filesnvdPatchThird Party AdvisoryWEB
- patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patchnvdPatchThird Party AdvisoryWEB
- www.securityfocus.com/bid/94302nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-hg4c-rgvm-964gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-8640ghsaADVISORY
- github.com/geopython/pycsw/commit/522873e5ce48bb9cbd4e7e8168ca881ce709c222ghsaWEB
- github.com/geopython/pycsw/commit/69546e13527c82e4f9191769215490381ad511b2ghsaWEB
- github.com/geopython/pycsw/commit/daaf09b4b920708a415be3c7f446739661ba3753ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/pycsw/PYSEC-2018-98.yamlghsaWEB
News mentions
0No linked articles in our index yet.