Vulnerabilities

CVE-2025-61141

by Fred · 30/10/2025

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands.

More information : https://advisory.dw1.io/54/

Similar

Tags: Cybersecurity Alert