This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Gogs SQL Injection. **Consequences**: Attackers execute arbitrary SQL commands via the `q` parameter. **Impact**: Data breach, system compromise, or service disruption.
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: Improper input handling in `models/repo.go` and `models/user.go`. **Flaw**: The `q` parameter is not sanitized before being used in SQL queries. **CWE**: SQL Injection (CWE-89).
Q3 Who is affected? (Versions/Components)
**Affected**: Gogs (Go Git Service). **Versions**: 0.3.1-9 through 0.5.x (before 0.5.6.1105 Beta). **Component**: API endpoints `/api/v1/repos/search` and `/api/v1/users/search`.
**Threshold**: LOW. **Auth**: No authentication required (Unauthenticated). **Config**: Direct API access via `q` parameter. **Ease**: Simple GET request exploitation.
Q6 Is there a public Exploit? (PoC/Wild Exploitation)
**Public Exploit**: YES. **PoC**: Available on GitHub (e.g., `nihal1306/gogs`). **Scanner**: Nuclei templates exist (`CVE-2014-8682.yaml`). **Detection**: Easy to scan via automated tools.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Scan for Gogs version < 0.5.6.1105 Beta. **Test**: Send malicious `q` parameter to `/api/v1/repos/search`. **Tool**: Use Nuclei or manual SQLi testing tools. …
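A defender-side check for the two self-check items above, added here as an example (not from the analysis or the Gogs project): a version test against the 0.5.6.1105 fix threshold, and a scan over web-server access logs for requests to the two search endpoints whose `q` parameter carries SQL metacharacters. The log lines are constructed samples, the log format is assumed to be Common Log Format, and the SQL-marker regex is a heuristic to tune for your environment.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Affected range stated in the summary: 0.3.1 up to, but not including, 0.5.6.1105.
FIRST_AFFECTED = (0, 3, 1)
FIXED = (0, 5, 6, 1105)

# Vulnerable endpoints named in the summary.
SEARCH_ENDPOINTS = {"/api/v1/repos/search", "/api/v1/users/search"}

# Heuristic SQL-injection markers for the `q` value (assumption: tune per environment).
SQLI_MARKERS = re.compile(r"'|--|/\*|\bunion\b|\bselect\b", re.IGNORECASE)

# Common Log Format: '<ip> - - [<ts>] "<method> <target> <proto>" <status> <size>' (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines; the second and third carry URL-encoded SQL fragments in q.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Nov/2014:10:00:01 +0000] "GET /api/v1/repos/search?q=gogs&limit=10 HTTP/1.1" 200 512',
    '10.0.0.9 - - [12/Nov/2014:10:00:02 +0000] "GET /api/v1/repos/search?q=%27%20OR%201%3D1--&limit=10 HTTP/1.1" 200 9812',
    '10.0.0.9 - - [12/Nov/2014:10:00:03 +0000] "GET /api/v1/users/search?q=a%27%20UNION%20SELECT%201 HTTP/1.1" 500 0',
    '10.0.0.7 - - [12/Nov/2014:10:00:04 +0000] "GET /user/login HTTP/1.1" 200 2048',
]


def gogs_version_affected(version):
    """True when a Gogs version string (e.g. '0.5.5.1010', '0.5.6.1105 Beta') falls in the affected range."""
    parts = tuple(int(x) for x in re.findall(r"\d+", version))
    return FIRST_AFFECTED <= parts < FIXED


def suspicious_search_requests(lines):
    """Return (client_ip, path, decoded_q) for search-endpoint requests whose q looks like SQL injection."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m.group("target"))
        if url.path not in SEARCH_ENDPOINTS:
            continue
        for q in parse_qs(url.query).get("q", []):  # parse_qs percent-decodes the value
            if SQLI_MARKERS.search(q):
                hits.append((m.group("ip"), url.path, q))
    return hits


if __name__ == "__main__":
    print("0.5.5.1010 affected:", gogs_version_affected("0.5.5.1010"))
    for hit in suspicious_search_requests(SAMPLE_LOG):
        print("suspicious:", hit)
```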
**Fixed**: YES. **Patch**: Released in Gogs 0.5.6.1105 Beta. **Commit**: `0c5ba4573aecc9eaed669e9431a70a5d9f184b8d`. **Source**: Official Gogs changelog and GitHub.
Q9 What if no patch? (Workaround)
**Workaround**: If no patch, disable public API access. **Block**: Restrict the `/api/v1/repos/search` and `/api/v1/users/search` endpoints. …