CNNVD-202510-4181 Information

CNNVD ID

CNNVD-202510-4181

CVE-2025-61141

  • CNNVD Published: 2025-10-30

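Description (translated from Chinese)

sqls is a SQL language server written in Go and open-sourced by sqls-server. sqls version 0.2.28 contains a security vulnerability that stems from the openEditor function not sanitizing the EDITOR environment variable and the configuration file path, which may lead to command injection attacks.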

Description (English)

sqls is an open-source SQL language server written in Go, from sqls-server. Version 0.2.28 of sqls has a security vulnerability: the openEditor function does not sanitize the EDITOR environment variable or the configuration file path, which may result in command injection.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

sqls-server

Published

2025-10-30

Last Modified

2026-02-24

References

  • https://lukmanern.github.io/CVE-2025-61141.html
  • https://github.com/sqls-server/sqls/
  • https://advisory.dw1.io/54/
  • https://access.redhat.com/security/cve/cve-2025-61141
