Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-j6cv-98jx-mrwr: Mocodo vulnerable to SQL injection in `/web/generate.php`

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.

ghsa
#sql#web#git#php#rce#perl

Mocodo vulnerable to SQL injection in `/web/generate.php`

Critical severity GitHub Reviewed Published May 28, 2024 to the GitHub Advisory Database • Updated May 28, 2024

ghsa: Latest News

GHSA-pj33-75x5-32j4: RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission