1. Home
  2. Mapping Frameworks
  3. CVE Home
  4. tortoise-orm

CVE CVE-2020-11010 Mappings

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts).

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2020-11010 tortoise-orm primary_impact T1059 Command and Scripting Interpreter
CVE-2020-11010 tortoise-orm secondary_impact T1005 Data from Local System
CVE-2020-11010 tortoise-orm secondary_impact T1505.003 Web Shell
CVE-2020-11010 tortoise-orm secondary_impact T1136 Create Account
CVE-2020-11010 tortoise-orm secondary_impact T1190 Exploit Public-Facing Application
CVE-2020-11010 tortoise-orm secondary_impact T1565.001 Stored Data Manipulation
CVE-2020-11010 tortoise-orm exploitation_technique T1133 External Remote Services