A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Related CVEs

CVE-2025-3818

Key Information

GHSA ID

GHSA-9g47-36rw-gjh2

Published

April 19, 2025 9:30 PM

Last Modified

May 29, 2025 3:31 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 9, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.