
Cloud Vulnerability DB
A community-led vulnerabilities database
A critical SQL injection vulnerability (CVE-2020-36645) was discovered in square squalor affecting an unknown part of the application. The vulnerability was discovered and disclosed on January 7, 2023. The issue allows attackers to perform SQL injection attacks through manipulation of table name parameters (CVE Details).
The vulnerability stems from insufficient sanitization of table name parameters. Specifically, backquote characters in table names were not escaped, which could lead to SQL injection. The fix escapes backquote characters and quotes table names properly (GitHub Commit).
If exploited, this vulnerability could allow attackers to manipulate SQL queries, potentially leading to unauthorized access to or modification of database contents. The vulnerability was classified as critical due to its potential impact on database security (CVE Details).
The vulnerability was patched in version v0.0.0 of square squalor. The fix includes proper escaping of backquote characters in table names and implementation of proper quoting mechanisms. Users are advised to upgrade to this version or later to address the vulnerability (GitHub Release).
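The backquote escaping described above, as an added Go example that is not squalor's own code: it assumes MySQL-style identifier quoting, where a backquote inside a quoted name is written as two backquotes, and compares unescaped wrapping with escaped quoting. The function names `quoteNaive`, `quoteIdent` and `scanIdent` and the sample table name are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// quoteNaive wraps a name in backquotes without escaping (the vulnerable pattern).
func quoteNaive(name string) string {
	return "`" + name + "`"
}

// quoteIdent doubles embedded backquotes, then wraps the name (assumed MySQL rule).
func quoteIdent(name string) string {
	return "`" + strings.ReplaceAll(name, "`", "``") + "`"
}

// scanIdent reads one backquoted identifier from the start of s the way a
// MySQL-style lexer would: decoded name, text left after it, and success flag.
func scanIdent(s string) (name, rest string, ok bool) {
	if !strings.HasPrefix(s, "`") {
		return "", s, false
	}
	var b strings.Builder
	for i := 1; i < len(s); i++ {
		if s[i] != '`' {
			b.WriteByte(s[i])
			continue
		}
		if i+1 < len(s) && s[i+1] == '`' { // doubled backquote is a literal one
			b.WriteByte('`')
			i++
			continue
		}
		return b.String(), s[i+1:], true // single backquote closes the identifier
	}
	return "", s, false // unterminated identifier
}

func main() {
	// Constructed input: a table name carrying a backquote and trailing SQL text.
	hostile := "t` WHERE 1=1 -- "
	for _, q := range []string{quoteNaive(hostile), quoteIdent(hostile)} {
		name, rest, ok := scanIdent(q)
		fmt.Printf("%-24q name=%q leftover=%q ok=%v\n", q, name, rest, ok)
	}
}
```

With the naive form the identifier ends at the embedded backquote and the remainder is parsed as SQL; with the escaped form the whole input round-trips as a single table name and nothing is left over.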
Source: This report was generated using AI