"Critical SQL Injection Flaws in Gentoo Soko Can Lead To Remote Code Execution"
Researchers at SonarSource discovered two SQL injection vulnerabilities in Gentoo Soko, tracked collectively as CVE-2023-28424 with a CVSS score of 9.1, which a remote attacker can exploit to execute arbitrary code on vulnerable systems. Soko is deployed in the Gentoo Linux infrastructure. The researchers explained that exploiting the vulnerabilities is possible due to improper database configuration. The misconfiguration likely stems from the database's Docker containerization. It was noted that containers frequently "enjoy elevated privileges" due to their status as a security boundary between software components. According to SonarSource's report, a threat actor can inject specially crafted code to evade the escaping feature in the module and introduce SQL injections, resulting in the exposure of sensitive data. This article continues to discuss the SQL injection vulnerabilities in Gentoo Soko that could lead to remote code execution (RCE) on impacted systems.