6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-50718

GHSA ID

GHSA-8fxg-mr34-jqr8

EPSS Score

0.20536%

CWE

CWE-89

Published

5/13/2024

Updated

5/14/2024

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-50718

CVE-2023-50718: NocoDB SQL Injection vulnerability

Summary

An authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped table_name.

Details

SQL Injection vulnerability occurs in VitessClient.ts.

async columnList(args: any = {}) {
    const func = this.columnList.name;
    const result = new Result();
    log.api(`${func}:args:`, args);

    try {
      args.databaseName = this.connectionConfig.connection.database;

      const response = await this.sqlClient.raw(
        `select *, table_name as tn from information_schema.columns where table_name = '${args.tn}' ORDER by ordinal_position`,
      );

The variable ${args.tn} refers to the table name entered by the user. A malicious attacker can escape the existing query by including a special character (') in the table name and insert and execute a new arbitrary SQL query.

Impact

This vulnerability may result in leakage of sensitive data in the database.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-50718

GHSA ID

GHSA-8fxg-mr34-jqr8

EPSS Score

0.20536%

CWE

CWE-89

Published

5/13/2024

Updated

5/14/2024

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nocodb	npm	<= 0.202.9	0.202.10

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is explicitly traced to the columnList method in VitessClient.ts where user-supplied table_name (args.tn) is concatenated into a raw SQL query. The code pattern '${args.tn}' demonstrates unsafe string interpolation rather than using prepared statements. This matches classic SQL injection patterns and is explicitly called out in all vulnerability descriptions as the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Summ*ry --- *n *ut**nti**t** *tt**k*r wit* *r**t* ****ss *oul* *on*u*t * SQL Inj**tion *tt**k on MySQL ** usin* un*s**p** t**l*_n*m*. ### **t*ils --- ### SQL Inj**tion vuln*r**ility o**urs in **Vit*ss*li*nt.ts**. ```j*v*s*ript *syn* *olumnList(*

Reasoning

T** vuln*r**ility is *xpli*itly tr**** to t** *olumnList m*t*o* in Vit*ss*li*nt.ts w**r* us*r-suppli** t**l*_n*m* (*r*s.tn) is *on**t*n*t** into * r*w SQL qu*ry. T** *o** p*tt*rn `'${*r*s.tn}'` **monstr*t*s uns*** strin* int*rpol*tion r*t**r t**n usi

6.5

Basic Information

Concerned about an active attack path?

CVE-2023-50718: NocoDB SQL Injection vulnerability

Summary

Details

SQL Injection vulnerability occurs in VitessClient.ts.

Impact

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI