VYPR

Archer

by Archer

CVEs (24)

  • CVE-2022-38542 | Critical | Sep 13, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update; please upgrade to v1.9.0 or above.

  • CVE-2022-38541 | Critical | Sep 13, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.

  • CVE-2022-38538 | Critical | Sep 13, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.

  • CVE-2022-38537 | Critical | Sep 13, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.

  • CVE-2025-50572 | High | Jul 31, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report…

  • CVE-2023-48053 | High | Nov 16, 2023
    risk 0.49 | cvss 7.5 | epss 0.00

    Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.

  • CVE-2023-30639 | High | May 1, 2023
    risk 0.46 | cvss 7.1 | epss 0.00

    Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4)…

  • CVE-2023-30605 | Medium | Apr 19, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the `variable_name` and `variable_value` parameter value in the…

  • CVE-2023-30558 | Medium | Apr 19, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the `db_name` in the `sql/data_dictionary.py` `table_list` endpoint is passed to…

  • CVE-2023-30557 | Medium | Apr 19, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `data_dictionary.py` `table_info`. User input…

  • CVE-2023-30556 | Medium | Apr 19, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `optimize_sqltuningadvisor` method of…

  • CVE-2023-30555 | Medium | Apr 19, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `explain` method in `sql_optimize.py`. User input…

  • CVE-2023-30554 | Medium | Apr 19, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql_api/api_workflow.py` endpoint `ExecuteCheck`…

  • CVE-2023-30553 | Medium | Apr 19, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the `sql_api/api_workflow.py` endpoint…

  • CVE-2023-30552 | Medium | Apr 19, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql/instance.py` endpoint's `describe` method.…

  • CVE-2022-26951 | Medium | Mar 30, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable…

  • CVE-2022-26947 | Medium | Mar 30, 2022
    risk 0.41 | cvss 6.3 | epss 0.01

    Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web…

  • CVE-2022-26948 | Medium | Mar 30, 2022
    risk 0.38 | cvss 5.8 | epss 0.01

    The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks.

  • CVE-2022-26950 | Medium | Mar 30, 2022
    risk 0.35 | cvss 5.4 | epss 0.01

    Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently…

  • CVE-2022-26949 | Medium | Mar 30, 2022
    risk 0.35 | cvss 5.3 | epss 0.01

    Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges.

Page 1 of 2