

CVE-2015-10050: prevent sql injection · brandonfire/miRNA_Database_by_PHP_MySql@307c5d5

A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The name of the patch is 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a. It is recommended to apply a patch to fix this issue. VDB-218374 is the identifier assigned to this vulnerability.


@@ -14,8 +14,9 @@ public function __construct($db_name){ function select_single_rna($new){
try { $results = $this->db->query(“SELECT * FROM `mirna` WHERE Name = '$new’”);
$results = $this->db->prepare(“SELECT * FROM `mirna` WHERE Name = ?”); $results->bindParam(1,$new); $results->execute(); } catch(Exception $e) { echo"Could not query the database."; @@ -25,14 +26,19 @@ function select_single_rna($new){ return $mirnas; }
function count_rna($name,$tissue){ function count_rna($name,$tissue,$onc=’’){ try { if($tissue == “all”){ $total = $this->db->query(“SELECT count(*) FROM mirna WHERE Name LIKE '%$name%’”);
$total = $this->db->prepare(“SELECT count(*) FROM mirna WHERE Name LIKE ? AND Cancer_Effect LIKE ?”); $total->bindValue(1,"%" . $name . “%”); $total->bindValue(2,"%" . $onc . “%”); $total->execute(); } else { $total = $this->db->query(“SELECT count(*) FROM mirna WHERE Name LIKE ‘%$name%’ AND tissue = '$tissue’”);
$total = $this->db->prepare(“SELECT count(*) FROM mirna WHERE Name LIKE ? AND tissue = ? AND Cancer_Effect LIKE ?”); $total->bindValue(1,"%" . $name . “%”); $total->bindParam(2,$tissue); $total->bindValue(3,"%" . $onc . “%”); $total->execute(); } } catch(Exception $e){ echo"Could not query the database."; @@ -42,14 +48,23 @@ function count_rna($name,$tissue){ $total_n = intval($arr[0][“count(*)"]); return $total_n; } function select_rnas($name,$tissue,$records_perpage=100,$c_p=0){ function select_rnas($name,$tissue,$records_perpage=100,$c_p=0,$onc=’’){ try { if($tissue == “all”){ $results = $this->db->query(“SELECT * FROM mirna WHERE Name LIKE ‘%$name%’ ORDER BY databaseid ASC LIMIT $records_perpage OFFSET $c_p”);
$results = $this->db->prepare(“SELECT * FROM mirna WHERE Name LIKE ? AND Cancer_Effect LIKE ? ORDER BY databaseid ASC LIMIT ? OFFSET ?”); $results->bindValue(1,"%” . $name . “%”); $results->bindValue(2,"%" . $onc . “%”); $results->bindParam(3,$records_perpage,PDO::PARAM_INT); $results->bindParam(4,$c_p,PDO::PARAM_INT); $results->execute(); } else { $results = $this->db->query(“SELECT * FROM mirna WHERE Name LIKE ‘%$name%’ AND tissue = ‘$tissue’ ORDER BY databaseid ASC LIMIT $records_perpage OFFSET $c_p”);
$results = $this->db->prepare(“SELECT * FROM mirna WHERE Name LIKE ? AND tissue = ? AND Cancer_Effect LIKE ? ORDER BY databaseid ASC LIMIT ? OFFSET ?”); $results->bindValue(1,"%" . $name . “%”); $total->bindParam(2,$tissue); $results->bindValue(3,"%" . $onc . “%”); $results->bindParam(4,$records_perpage,PDO::PARAM_INT); $results->bindParam(5,$c_p,PDO::PARAM_INT); $results->execute(); } } catch(Exception $e){ echo"Could not query the database.";
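Review bot: In the new else-branch of select_rnas (last hunk), the tissue parameter is bound on the wrong statement handle — `$total->bindParam(2,$tissue);` targets the variable used by count_rna rather than the `$results` statement prepared just before it, so placeholder 2 is never bound and execute() fails with a parameter-count error (or a notice on an undefined `$total`); it should read `$results->bindParam(2,$tissue);`. The identical line in count_rna is correct there, which is presumably where it was copied from. A smaller point that applies to all three hunks: `$name` and `$onc` are concatenated into LIKE patterns without escaping `%` and `_`, so parameterisation closes the SQL injection but not wildcard widening of the search, and since `$onc` defaults to `''` the new `Cancer_Effect LIKE '%%'` condition may exclude rows whose Cancer_Effect is NULL — a behaviour change from the old query worth a comment on the parameter default. The body of select_rnas continues past the end of the hunk.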
