CVE-2022-46908

Summary

SQLite through 3.40.0, when relying on –safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

Affected Software

VendorProductVersion RangeStatus
n/an/an/aaffected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References