VYPR
Vendor

Sqls Server

Products
1
CVEs
1
Across products
1
Status
Private

Products

1

Recent CVEs

1
  • CVE-2025-61141HigOct 30, 2025
    risk 0.42cvss 7.5epss 0.01

    sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands.