Plaintext Password Disclosure
The program exposes password information in plaintext in the process list. This may allow a local attacker to gain access to password information.
This package contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the /lib/brbackup.rb script not properly sanitizing user-supplied input to the 'name' parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
This package contains a flaw that is triggered when input passed via the 'dbuser' variable is not properly sanitized. This may allow a remote attacker to inject shell metacharacters and execute arbitrary commands.
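A hardened way to invoke an external backup command, covering both the process-list password exposure and the 'dbuser' shell injection described above. This is an added example, not code from the package; the helper names, the `--user` and `--password-stdin` flags, the account-name pattern and the stand-in child process are all assumptions.

```ruby
# Added example: every name here (safe_backup_argv, run_backup, the --user and
# --password-stdin flags, the CHILD one-liner) is hypothetical.
require "open3"
require "rbconfig"

# Assumed policy: database account names are short and alphanumeric.
DBUSER_PATTERN = /\A[A-Za-z0-9_]{1,32}\z/

# Stand-in for the real backup tool: reports how many arguments it received
# and how many bytes of password arrived on stdin, without echoing the secret.
CHILD = 'pw = $stdin.read; print "args=#{ARGV.length} pwlen=#{pw.bytesize}"'

# Build an argument vector. The password is deliberately absent, so it never
# shows up in `ps` output or /proc/<pid>/cmdline.
def safe_backup_argv(dbuser)
  raise ArgumentError, "invalid dbuser" unless DBUSER_PATTERN.match?(dbuser)
  [RbConfig.ruby, "-e", CHILD, "--", "--user", dbuser, "--password-stdin"]
end

# Passing separate arguments to Open3 executes the program directly, with no
# shell in between, so metacharacters are never interpreted. The password is
# written to the child's stdin pipe instead of the command line.
def run_backup(dbuser, password)
  argv = safe_backup_argv(dbuser)
  out, status = Open3.capture2(*argv, stdin_data: password)
  raise "backup failed" unless status.success?
  { argv: argv, output: out }
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample values.
  puts run_backup("backup_user", "constructed-secret")[:output]
  begin
    run_backup("backup_user; echo injected", "constructed-secret")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The allow-list check and the shell-free argument vector are independent layers: even if the pattern were loosened, the value would still reach the child as a single literal argument.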