Tag
critical
advisory
Dgraph Pre-Auth DQL Injection Vulnerability
1 rule 1 TTPA pre-authentication DQL injection vulnerability in Dgraph's `/mutate` endpoint, when ACL is disabled, allows attackers to exfiltrate the entire database by crafting a malicious `cond` field in an upsert mutation.
Dgraph
dql-injection
injection
database-exfiltration
1r
1t
critical
advisory
Dgraph Pre-Auth Full Database Exfiltration via DQL Injection
2 rules 6 TTPsA pre-authentication DQL injection vulnerability in Dgraph's default configuration allows attackers to exfiltrate the entire database by crafting malicious JSON mutations to the `/mutate` endpoint, exploiting unsanitized language tags in predicates.
Dgraph
dql-injection
vulnerability
2r
6t