VYPR

Go modules package

github.com/clidey/whodb/core

pkg:golang/github.com/clidey/whodb/core

Vulnerabilities (2)

  • CVE-2025-24786Feb 6, 2025
    affected < 0.0.0-20250127172032-547336ac73c8fixed 0.0.0-20250127172032-547336ac73c8

    WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine

  • CVE-2025-24787Feb 6, 2025
    affected < 0.0.0-20250127202645-8d67b767e005fixed 0.0.0-20250127202645-8d67b767e005

    WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string conca