Key Information

Title
Daptin https://github.com/daptin/daptin 0.10.3 SQL Injection

Description
A SQL injection vulnerability exists in Daptin's aggregate API endpoint ( ). User-supplied input is passed directly to the function without proper validation or sanitization, allowing attackers to execute arbitrary SQL queries.

Code Details
In , the , , and parameters are directly inserted into SQL queries using the function. The function treats input as raw SQL literals, bypassing all query parameterization and escaping mechanisms.

Additional Information
Source: https://note-hxlab.wetoolink.com/share/yMZ8oEgMTAur
Submitter: hiro (UID 93548)
Submission Time: December 19, 2022, 08:04 AM
Review Time: January 2, 2022, 11:08 AM
Status: Accepted
VulDB Entry: 339384