CVE-2015-10069: Prevent sql injection, refresh db. · viakondratiuk/cash-machine@62a6e24

A vulnerability was found in viakondratiuk cash-machine. It has been declared as critical. This vulnerability affects the functions is_card_pin_at_session/update_failed_attempts of the file machine.py. The manipulation leads to SQL injection. The name of the patch is 62a6e24efdfa195b70d7df140d8287fdc38eb66d. It is recommended to apply the patch to fix this issue. The identifier of this vulnerability is VDB-218896.
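As an added illustration (not code from the cash-machine project), this is how the two affected queries look once the card number is validated and bound as a parameter instead of being spliced into the SQL text; the schema, the sample row and the helper names are assumptions made for the demo.

```python
import re
import sqlite3

# Constructed in-memory schema and sample card (assumed, not the project's real data).
_SCHEMA = ("create table cards (id integer primary key, cc_number text, "
           "valid_pin text, status text)")
_SAMPLE = (1, "4111111111111111", "1234", "active")


def open_demo_db():
    """Create an in-memory SQLite database seeded with one card."""
    db = sqlite3.connect(":memory:")
    db.execute(_SCHEMA)
    db.execute("insert into cards values (?, ?, ?, ?)", _SAMPLE)
    db.commit()
    return db


def normalize_cc_number(cc_number):
    """Strip dashes; return None unless the result is 12-19 digits."""
    if not isinstance(cc_number, str):
        return None
    digits = cc_number.replace("-", "")
    if not re.fullmatch(r"\d{12,19}", digits):
        return None
    return digits


def get_card(db, cc_number):
    """Parameterized lookup: the value is bound by the driver, never formatted in."""
    digits = normalize_cc_number(cc_number)
    if digits is None:
        return None
    row = db.execute(
        "select id, cc_number, valid_pin, status from cards where cc_number = ?",
        (digits,),
    ).fetchone()
    if row is None:
        return None
    return dict(id=row[0], cc_number=row[1], valid_pin=row[2], status=row[3])


def block_card(db, card_id):
    """Parameterized update; True only when exactly one row was changed."""
    cur = db.execute("update cards set status = 'blocked' where id = ?", (card_id,))
    db.commit()
    return cur.rowcount == 1
```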


@@ -151,8 +151,7 @@ def is_card_pin_at_session(request):

return ‘card’ in request.session and request.session[‘card’][‘valid_pin’] is True

def get_card(request, cc_number):

q = “select * from cards where cc_number = '%s’” % cc_number.replace('-', ‘’)

row = request.db.execute(q).fetchone()

row = request.db.execute("select * from cards where cc_number = ?", (cc_number.replace('-', ‘’),)).fetchone()

if row is not None:

return dict(

id = row[0],
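Review bot: the replacement `request.db.execute("select * from cards where cc_number = ?", (cc_number.replace('-', ''),))` correctly binds the value instead of formatting it into the query, but `cc_number.replace('-', '')` still runs on whatever the caller passed, so a non-string (for example `None`) raises `AttributeError` before the query; validating the input (string, digits only after stripping dashes) before the call would turn that into a clean "no such card" result. Also, `select *` combined with positional access such as `row[0]` in the `dict(...)` that follows breaks silently if the column order of `cards` ever changes; naming the columns in the select keeps the mapping explicit. Note that `?` is the qmark paramstyle; it is right for sqlite3 but would need adjusting if `request.db` were ever backed by a driver using a different paramstyle.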

@@ -172,7 +171,7 @@ def update_failed_attempts(request, failed_attempts):

def block_card(request):

card = request.session[‘card’]

request.db.execute(“update cards set status = ‘blocked’ where id = %s” % card[‘id’])

request.db.execute("update cards set status = ‘blocked’ where id = ?", (card[‘id’],))

request.db.commit()

def save_balance_check(request):
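Review bot: the visible change in this hunk converts `block_card`, yet the hunk header is the region of `update_failed_attempts` and the advisory names that function as affected; please confirm its own query was converted in the same commit, since any remaining `%` formatted statement leaves the same defect in place. In `block_card`, the bound `card['id']` is good, but `request.db.execute("update cards set status = 'blocked' where id = ?", (card['id'],))` ignores the result; checking the cursor's `rowcount` before `request.db.commit()` would surface a stale session card id that matches no row instead of silently committing a no-op.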
