Linux distribution Gentoo has a major vulnerability

Network security company SonarSource discovered in recent research that the Gentoo Linux distribution has a vulnerability, CVE-2023-28424, which hackers can use to carry out SQL injection attacks.

The researchers found the vulnerability in Gentoo Linux's Soko search component. Its CVSS risk score is 9.1, which makes it a particularly serious vulnerability. The Gentoo Linux development team fixed it within 24 hours of the vulnerability being exposed.

The Soko component is reported to be a public API that makes searching for software packages in the system more efficient and can perform error tracking and tracing of software sources.

The vulnerability is mainly caused by "improper database configuration". Even when Object-Relational Mapping (ORM) is applied, attackers can still use this vulnerability to perform SQL injection and thereby run malicious code on the system. The vulnerability has been fixed.
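Why an ORM alone does not rule out SQL injection, shown as an added example that is not Soko's code: the `Query` builder, the `packages` table and the sample terms are hypothetical and constructed, and SQLite stands in for the real database. The builder binds parameters correctly, but any input formatted into the fragment text still reaches the database as SQL.

```python
import sqlite3

class Query:
    """Hypothetical ORM-style builder: where() takes a raw SQL fragment plus bound params."""
    def __init__(self, conn, table):
        self.conn, self.table = conn, table
        self.clauses, self.params = [], []

    def where(self, fragment, *params):
        self.clauses.append(fragment)   # trusted SQL text, passed through unescaped
        self.params.extend(params)      # values sent separately from the SQL text
        return self

    def all(self):
        sql = f"SELECT name FROM {self.table}"
        if self.clauses:
            sql += " WHERE " + " AND ".join(f"({c})" for c in self.clauses)
        sql += " ORDER BY name"
        return [row[0] for row in self.conn.execute(sql, self.params)]

def make_db():
    # Constructed sample data
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE packages (name TEXT)")
    conn.executemany("INSERT INTO packages VALUES (?)",
                     [("app-editors/vim",), ("dev-lang/go",), ("www-client/firefox",)])
    return conn

def search_unsafe(conn, term):
    # Input is formatted into the fragment, so it is parsed as part of the query.
    return Query(conn, "packages").where(f"name LIKE '%{term}%'").all()

def search_safe(conn, term):
    # Input travels as a bound parameter and can only ever be compared as data.
    return Query(conn, "packages").where("name LIKE ?", f"%{term}%").all()

def probe(search, conn, term):
    """Return the matching rows, or 'sql-error' when the database rejects the query."""
    try:
        return search(conn, term)
    except sqlite3.OperationalError:
        return "sql-error"

if __name__ == "__main__":
    conn = make_db()
    for term in ["vim", "o'neil", "zzz' OR name LIKE '"]:   # constructed inputs
        print(repr(term), probe(search_unsafe, conn, term), probe(search_safe, conn, term))
```

A syntax error triggered by a lone apostrophe in a search term is the symptom to look for in application and database logs; with bound parameters the same input simply matches nothing.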

Origin blog.csdn.net/weixin_56035688/article/details/131720423