Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems.
"These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements," SonarSource researcher Thomas Chauchefoin said, adding they could result in RCE on Soko because of a "misconfiguration of the database."