Uptrace Pgdriver SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Uptrace Pgdriver version 1.2.1. The issue arises in the appendArg function within the pgdriver format file. This vulnerability allows attackers to manipulate SQL queries and execute arbitrary statements on the database.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

The vulnerability can be reproduced by using a prepared statement that includes user-controlled parameters. When a negative number is passed as a parameter, it can be interpreted as a line comment in SQL, effectively altering the query's syntax. This injection can be exploited by, for example, injecting a multi-line string that includes SQL commands, bypassing the application's intended query logic.

Remediation

Users are advised to update to a patched version of the Uptrace Pgdriver. As of now, no patched version is available, but users can switch to an alternative library that does not have this vulnerability.