CVE-2023-31519: Injection-Vulnerability-In-Pharmacy-Management-System-1.0/README.md at main · yangliukk/Injection-Vulnerability-In-Pharmacy-Management-System-1.0
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php.
Injection-Vulnerability-In-Pharmacy-Management-System-1.0
In the 19th line of login_core.php, the email input is placed directly into the SQL query statement without filtering, which results in SQL injection.
The user used by my database is root@localhost
A time-based blind SQL injection is used here, and the delay is 4 seconds at this point. If the if() condition is true, the response is delayed for 9 seconds.
This determines that the second character is o. Continuing in the same way, we can determine that the database user() is root@localhost.
payload: [email protected]'+and+if(substr(user(),1,1)='r',SLEEP(5),null)--'&password=admin1&role=admins
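The fix for the unfiltered email value described above is to bind it as a parameter, shown here as an added example that is not the project's code. The `users` table, its columns, the `login()` function and the sample credentials are assumptions, and an in-memory SQLite database (requires the pdo_sqlite extension) stands in for the application's MySQL database so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example: schema, function name and credentials are hypothetical.
// SQLite in memory replaces MySQL here; the PDO calls are the same with a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT, role TEXT)');
$seed = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?)');
$seed->execute([
    'admin@example.test',                                  // constructed account
    password_hash('constructed-pass', PASSWORD_DEFAULT),   // never store plaintext
    'admins',
]);

// Vulnerable pattern the advisory describes (shown for contrast, not executed):
//   $sql = "SELECT * FROM users WHERE email = '" . $_POST['email'] . "'";
// A quote inside the email value closes the string literal, and whatever
// follows it is parsed as SQL by the server.

function login(PDO $pdo, string $email, string $password, string $role): bool
{
    // Placeholders keep user input out of the SQL text: the statement is
    // parsed once, and the values are only ever compared as data.
    $stmt = $pdo->prepare(
        'SELECT password_hash FROM users WHERE email = :email AND role = :role'
    );
    $stmt->execute([':email' => $email, ':role' => $role]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    return is_string($hash) && password_verify($password, $hash);
}

// Constructed inputs: a legitimate login, and an email value shaped like the
// payload on this page (the address part is a placeholder).
$probe = "user@example.test' and if(substr(user(),1,1)='r',SLEEP(5),null)-- ";

$start = microtime(true);
var_dump(login($pdo, 'admin@example.test', 'constructed-pass', 'admins')); // bool(true)
var_dump(login($pdo, $probe, 'admin1', 'admins'));                         // bool(false)
printf("elapsed: %.2fs\n", microtime(true) - $start);
```

The second call returns false without any delay or SQL error, because the whole probe string is looked up as a literal email address and matches no row. With the MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the server performs the parameter binding.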