{"id":"CVE-2019-9047","details":"GoRose v1.0.4 is vulnerable to SQL injection when an attacker can control the order_by or group_by parameter.","modified":"2026-03-14T09:41:59.544881Z","published":"2019-02-23T21:29:00.243Z","references":[{"type":"EVIDENCE","url":"https://github.com/huzr2018/orderby_SQLi/tree/master/gorose"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gohouse/gorose","events":[{"introduced":"0"},{"last_affected":"5aeebf3335499bae38b9292594d8c2e44d5a0b4f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.4"}]}}],"versions":["0.6","0.7.0","0.7.1","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.8.0","0.8.1","0.8.2","0.9.0","0.9.1","0.9.2","0.9.3","v1.0.1","v1.0.2","v1.0.3","v1.0.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9047.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}