Site icon API Security Blog

SQL Injection

cubejs-backend/api-gateway is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the `/v1/sql-runner` endpoint allows a malicious authenticated user to inject and execute arbitrary SQL queries on the target system.Read More

Exit mobile version