### [CVE-2024-43406](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43406)
![](https://img.shields.io/static/v1?label=Product&message=ekuiper&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.14.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)

### Description

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2.

### POC

#### Reference
- https://github.com/lf-edge/ekuiper/security/advisories/GHSA-r5ph-4jxm-6j9p

#### Github
No PoCs found on GitHub currently.