Vulnerability in the SQLite DBMS

A vulnerability (CVE-2019-5018) has been identified in the SQLite DBMS that allows arbitrary code execution on a system if an attacker can get a SQL query of their own construction executed. The problem is caused by a flaw in the implementation of window functions and is present starting with the SQLite 3.26 branch. It was fixed in April in SQLite 3.28, with no mention that the change addressed a security issue.

A specially crafted SELECT query can trigger a use-after-free memory access, which can be used to build an exploit that runs code in the context of the application using SQLite. The vulnerability is exploitable only where the application lets SQL constructs supplied from the outside reach SQLite, so the practical defence is to keep untrusted SQL text away from the engine (bind values as parameters rather than splicing them into statements) and to move to 3.28 or later.
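The following is an added example, not code from the article or from the SQLite project. It does two things a practitioner would want after reading the paragraph above: it checks whether the SQLite library actually linked into the Python process both supports window functions (the vulnerable feature) and predates the 3.28.0 release the article names as carrying the fix, and it contrasts a query that splices caller-controlled SQL into the statement (so that a window function in the input reaches the engine) with one that binds the input as a parameter. The table, column names, sample rows and the `filter_sql` payload are constructed for the demonstration.

```python
import sqlite3

# Release the article says carried the fix for the window-function use-after-free.
FIXED_IN = (3, 28, 0)


def supports_window_functions(conn):
    """True if the linked SQLite build parses window functions at all.

    Builds older than the window-function feature reject OVER() with an
    OperationalError, and cannot be affected by a bug in that feature.
    """
    try:
        conn.execute("SELECT row_number() OVER () FROM (SELECT 1)")
        return True
    except sqlite3.OperationalError:
        return False


def window_uaf_exposed(conn, version_info=sqlite3.sqlite_version_info):
    """True when the build has window functions but is older than FIXED_IN."""
    return supports_window_functions(conn) and tuple(version_info) < FIXED_IN


def make_db():
    """Constructed sample database: a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users(name) VALUES (?)",
        [("alice",), ("bob",), ("carol",)],
    )
    return conn


def find_users_unsafe(conn, filter_sql):
    """Anti-pattern: caller-supplied SQL text is spliced into the statement.

    Whatever the parser accepts, window functions included, is executed by
    the engine, which is exactly the precondition the advisory describes.
    """
    return conn.execute(f"SELECT name FROM users WHERE {filter_sql}").fetchall()


def find_users_safe(conn, name):
    """The input is bound as a parameter; it can only be compared as text."""
    return conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed input: a harmless window function, used only to show that the
# unsafe path lets caller-controlled SQL syntax reach the engine.
PAYLOAD = "1=1 ORDER BY row_number() OVER (ORDER BY name DESC)"


if __name__ == "__main__":
    db = make_db()
    print("linked SQLite:", sqlite3.sqlite_version,
          "exposed:", window_uaf_exposed(db))
    print("unsafe:", find_users_unsafe(db, PAYLOAD))   # payload is executed
    print("safe:  ", find_users_safe(db, PAYLOAD))     # payload is just a string
```

Run against an application's own interpreter rather than the system `sqlite3` binary: Python, Chromium and many embedded products ship their own copy of the library, so `sqlite3.sqlite_version` (not the CLI's banner) is the version that matters for that process.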

For example, the Chrome browser and applications built on the Chromium engine could potentially be attacked, since the WebSQL API is implemented on top of SQLite and hands SQL queries from web applications to this DBMS. To mount such an attack it would be enough to create a page with malicious JavaScript and get the user to open it in a Chromium-based browser.

source: budenet.ru
