SQLite UDF Function Execution Vulnerability

SQLite UDF Function Execution Vulnerability

CVE-2022-46908 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

Learn more about our Web Application Penetration Testing UK.