Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an account providing they know an administrators email address in order to be able to request password reset.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2016-3735: Issues · Piwigo/Piwigo

An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.

**Summary**

An information disclosure vulnerability exists due to a web server misconfiguration in the reolink RLC-410W v3.0.0.136\_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.

**Tested Versions**

Reolink RLC-410W v3.0.0.136\_20121102

**Product URLs**

RLC-410W - https://reolink.com/us/product/rlc-410w/

**CVSSv3 Score**

8.1 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

**CWE**

CWE-219 - Sensitive Data Under Web Root

**Details**

The Reolink RLC-410W is a WiFi security camera. The camera includes motion detection functionalities and various methods to save the recordings.

The RLC-410W uses nginx as web server. Following the HTTPS configuration used by the camera:

    [...]
    
    http 
    {
    
       [...]
    
        server
        {
            listen 443;
            root /mnt/app/www/;                                                                             [1]
            index index.php index.htm index.html;
    
            ssl on;
            ssl_protocols     TLSv1.2;
            ssl_certificate /mnt/app/www/self.crt;
            ssl_certificate_key /mnt/app/www/self.key;                                                      [2]
    
           [...]
        }
    }
    

At [2] is specified the location of the TLS private key. Due to the TLS key being inside the document root, specified at [1], and the insufficient access control, the TLS private key is downloadable with a HTTP request. This could lead an attacker to impersonate the camera. Furthermore, in specific context, because TLS v1.2 is used, it would be possible for an attacker to decrypt the HTTPS conversation and stole the authentication token of a logged user, potentially allowing the attacker to act with admin privileges. Using the valid admin credentials and features of the reolink API it is possible to affect the integrity and availability of the device.

**Exploit Proof of Concept**

Executing:

    $ wget -qO - http://$CAMERA_IP/self.key | head -1
    

Will result in the following output:

    -----BEGIN RSA PRIVATE KEY-----
    

**Timeline**

2022-01-14 - Vendor Disclosure  
2022-01-19 - Vendor Patched

2022-01-26 - Public Release

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2022-21236: TALOS-2022-1446 || Cisco Talos Intelligence Group

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

**Protocol Compiler**

*   Optional fields for proto3 are enabled by default, and no longer require  
    the --experimental\_allow\_proto3\_optional flag.

**C++**

*   MessageDifferencer: fixed bug when using custom ignore with multiple  
    unknown fields
*   Use init\_seg in MSVC to push initialization to an earlier phase.
*   Runtime no longer triggers -Wsign-compare warnings.
*   Fixed -Wtautological-constant-out-of-range-compare warning.
*   DynamicCastToGenerated works for nullptr input for even if RTTI is disabled
*   Arena is refactored and optimized.
*   Clarified/specified that the exact value of Arena::SpaceAllocated() is an  
    implementation detail users must not rely on. It should not be used in  
    unit tests.
*   Change the signature of Any::PackFrom() to return false on error.
*   Add fast reflection getter API for strings.
*   Constant initialize the global message instances
*   Avoid potential for missed wakeup in UnknownFieldSet
*   Now Proto3 Oneof fields have "has" methods for checking their presence in  
    C++.
*   Bugfix for NVCC
*   Return early in \_InternalSerialize for empty maps.
*   Adding functionality for outputting map key values in proto path logging  
    output (does not affect comparison logic) and stop printing 'value' in the  
    path. The modified print functionality is in the  
    MessageDifferencer::StreamReporter.
*   Fixed #8129
*   Ensure that null char symbol, package and file names do not result in a  
    crash.
*   Constant initialize the global message instances
*   Pretty print 'max' instead of numeric values in reserved ranges.
*   Removed remaining instances of std::is\_pod, which is deprecated in C++20.
*   Changes to reduce code size for unknown field handling by making uncommon  
    cases out of line.
*   Fix std::is\_pod deprecated in C++20 (#7180)
*   Fix some -Wunused-parameter warnings (#8053)
*   Fix detecting file as directory on zOS issue #8051 (#8052)
*   Don't include sys/param.h for \_BYTE\_ORDER (#8106)
*   remove CMAKE\_THREAD\_LIBS\_INIT from pkgconfig CFLAGS (#8154)
*   Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
*   Fix for compiler warning issue#8145 (#8160)
*   fix: support deprecated enums for GCC < 6 (#8164)
*   Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)

**Python**

*   Provided an override for the reverse() method that will reverse the internal  
    collection directly instead of using the other methods of the BaseContainer.
*   MessageFactory.CreateProtoype can be overridden to customize class creation.
*   Fix PyUnknownFields memory leak (#7928)
*   Add macOS big sur compatibility (#8126)

**JavaScript**

*   Generate getDescriptor methods with * as their this type.
*   Enforce let/const for generated messages.
*   js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170)

**PHP**

*   Added support for PHP 8. (#8105)
*   unregister INI entries and fix invalid read on shutdown (#8042)
*   Fix PhpDoc comments for message accessors to include "|null". (#8136)
*   fix: convert native PHP floats to single precision (#8187)
*   Fixed PHP to support field numbers >=2\*\*28. (#8235)
*   feat: add support for deprecated fields to PHP compiler (#8223)
*   Protect against stack overflow if the user derives from Message. (#8248)
*   Fixed clone for Message, RepeatedField, and MapField. (#8245)
*   Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258)

**Ruby**

*   Added support for Ruby 3. (#8184)
*   Rewrote the data storage layer to be based on upb\_msg objects from the  
    upb library. This should lead to much better parsing performance,  
    particularly for large messages. (#8184).
*   Fill out JRuby support (#7923)
*   \[Ruby\] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite  
    recursion/run out of memory (#8195)
*   Fix jruby support to handle messages nested more than 1 level deep (#8194)

**Java**

*   Avoid possible UnsupportedOperationException when using CodedInputSteam  
    with a direct ByteBuffer.
*   Make Durations.comparator() and Timestamps.comparator() Serializable.
*   Add more detailed error information for dynamic message field type  
    validation failure
*   Removed declarations of functions declared in java\_names.h from  
    java\_helpers.h.
*   Now Proto3 Oneof fields have "has" methods for checking their presence in  
    Java.
*   Annotates Java proto generated \*\_FIELD\_NUMBER constants.
*   Add -assumevalues to remove JvmMemoryAccessor on Android.

**C#**

*   Fix parsing negative Int32Value that crosses segment boundary (#8035)
*   Change ByteString to use memory and support unsafe create without copy (#7645)
*   Optimize MapField serialization by removing MessageAdapter (#8143)
*   Allow FileDescriptors to be parsed with extension registries (#8220)
*   Optimize writing small strings (#8149)

CVE-2021-22570: Release Protocol Buffers v3.15.0 · protocolbuffers/protobuf

The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**Google Maps for WordPress**

*   Google Maps for WordPress Help Manual
*   How to use Google Maps in WordPress Website

WP Google Map is an awesome plugin to use when adding a custom Google map to your website. It is fully customizable and can be used as shortcode.

**Get WP Google Map pro version**

**DEMOS**

*   **See all Google Map Demos**

**VIDEO TUTORIALS**

*   **Video on Quick Installation**
*   **Video on (Installation, Activation, Creating Map, How to use)**

**DOCUMENTATION**

*   **Complete Installation Guide**
*   **How to get your Lifetime License key?**
*   **How to get your own API key**
*   **Add Google Map in wordpress page**
*   **Add Google Map in wordpress post**
*   **Add Google Map in Sidebar as widget**
*   **Customize Map Language and Regional Area Settings**

**TROUBLESHOOTING**

*   **How to identify and fix the Map loading problems?**
*   **Do you see “the page can’t load the map correctly?**
*   **How to fix Multiple Google Map API loading??**
*   **Don’t see “Embed Google Map” button in new Editor?**

**Note:** According to Google Documentation, You can use Google Map upto **200 USD** for free each month

**TRANSLATIONS**

Get a free **License Key** of the WP Google Map Pro version in exchange for translating our plugin!

*   **English (Australia) – (en\_AU)**
*   **English (Canada) – (en\_CA)**
*   **English (UK) – (en\_GB)**
*   **English (New Zealand) – (en\_NZ)**
*   **English (South Africa) – (en\_ZA)**
*   **Bengali (Bangladesh) – (bn\_BD)**
*   **Spanish (Spain) – (es\_ES)**
*   **Spanish (Venezuela) – (es\_VE)**
*   **German – (de\_DE)**
*   **German (Formal) – (de\_DE\_formal)**
*   **Turkish – (tr\_TR)**
*   **French (France) – (fr\_FR)**
*   **Danish – (da\_DK)**
*   **German (Switzerland) – (de\_CH)**
*   **Arabic – (ar)**

**SUPPORT AND CONTRIBUTION**

*   **Report an issue**
*   **Support Forum**
*   **Post review WordPress** 🙂
*   **Contact Us**
*   **Facebook Page Community**
*   **Facebook Group Community**
*   **Twitter Community**
*   **LIVE CHAT**

To have continued the update, please donate for the WP Google Map plugin. **You will get Lifetime License Key by donating minimum 10 USD**  
**Click here to donate**

**Features of WP Google Map Plugin-Lite version(FREE):**

*   **User-friendly**
*   **Ability to change Map Language and Regional Area!**
*   **Fully Customizable**
*   **Importing the Shortcode by WP Google Map Button on Classic Editor**
*   **Automatic Google Map Location identification with user Consent**
*   **Tested with other popular plugins**
*   **Super easy to use**
*   **Ability to change zoom level(1-22)**
*   **Easy to add a widget (By Shortcode)**
*   **No coding required!**
*   **Drag Map Marker to an desired location**
*   **Ability to use a shortcode in the Posts and Pages**
*   **Fully responsive maps**
*   **Ability to change Latitude, Longitude, Address by Dragging Marker**
*   **Supported UTF-8 font encoding**
*   **Google Map autocomplete available**
*   **Multiple Language supported(Localization)**
*   **Can be used in the single page, single post, sidebar, footer, etc.**
*   **You can set any width and height as you need**
*   **Map full screen functionality**

**Features of WP Google Map Plugin(PREMIUM):**

*   **Ability to create Unlimited Maps**
*   **Ability to create Unlimited Map markers**
*   **Detailed Direction option support with Map**
*   **Image can be added in Marker InfoWindow**
*   **Roadmap, Terrain, Satellite and Hybrid types of map supported**
*   **Supports Google Map Street View option**
*   **You can add multiple maps in any page or post if you need!**

**Please use latest language file**

**USE AS SHORTCODE IN POST, PAGE, AND SIDEBAR.**

            [gmap-embed id="<Your map ID>"]
    

**USE AS SHORTCODE IN PHP CODE**

        <?php echo do_shortcode('[gmap-embed id="YOUR MAP ID"]');?>
    

**POSSIBLE USE CASES**

*   **Contact page Google Map implementation**
*   **Office location by Google Map**
*   **Point your office location by Pin/Marker**
*   **Business Location by Google Map**
*   **Store location view by Google Map**
*   **Location view by Google Map widget**

Contact us if you have any problems with installation or anything else.  
Email: **milonfci@gmail.com**  
Skype: **milon305021**

**It’s simple:**

1.  Download the WP Google Map Plugin.
2.  Upload the zip folder plugins directory “wp-content/plugins”
3.  Activate the WP Google Map Plugin from the Admin panel.
4.  Add the WP Google Map widget to your sidebar using Shortcode.
5.  Add the WP Google Map in posts/pages using the shortcode.
6.  Here you can see Complete Installation Guide

Our WP Google Map plugin is user-friendly, but you can read some frequently asked questions that might help you here.

**How do I get your own Google Map API key?**

See the Video ,hope you will get idea.

**How to Troubleshoot or Debug Map Loading Issue?**

See the Documentation, hope you will find best solution.

**How can I create a new Google Map?**

After installing the plugin, Click on WP Google Map in the left sidebar. Then click on **Add New** . See Video Tutorial

**How do I enable Directions on my Google Map?**

You will see an option named “**Enable Direction in Map**” under each map other setting. Also, you can set the option in creating a new map page. See Documentation

**How do I change Map theme?**

It’s Easy! Go to **WP Google Map**\=-> **Map Edit Page** . Now please See the documentation

**How do I add a Google Map to my Page/Post?**

It’s Easy! Go to **Posts**\=-> **Add New** . Now please See the documentation

**How do I add a Google Map as a widget?**

Go to **Appearance** =-> **Widget** . Now please See the documentation

Like the options and features in it...

Très simple à utiliser. Très facile de rajouter des points d'interets sur la carte. Parfait

Easy setting. Multiple map can made. user's image marker can use. It had exactly the features I wanted.

Worked like a charm and great documentation.

Plugin works as advertised. Really like the option of being able to create my own markers!

Read all 139 reviews

“Maps Plugin using Google Maps for WordPress – WP Google Map” is open source software. The following people have contributed to this plugin.

Contributors

*    Saidur Rahman Milon

**1.8.9**

*   Copy to clipboard for map shortcode
*   Default markers bundle added
*   CADATA introduced for frontend
*   Auto-Complete/Auto suggestion option added for direction From/To input field

**1.8.8**

*   New UI screenshots updated in wp.org
*   Map Theme option introduced including custom theme JSON.

**1.8.6**

*   Marker content update issue fixing
*   Code optimized with WordPress Standard
*   Ajax Datatable js error fixing

**1.8.5**

*   Code Optimization
*   Security enhancement

**1.8.4**

*   CSRF issue fixing
*   Tabs UI update
*   Marker Icon preview issue fixing
*   DB query and code optimized

**1.8.3**

*   Ajax Security issues resolved
*   Marker Edit page minor bug fixing

**1.8.2**

*   Clickable marker infowindow introduced.

**1.8.1**

*   Hot fix: Security issue fixed.

**1.8.0**

*   Multiple Marker system introduced.
*   Complete Admin UI updated for a better experience.
*   Datatable introduced for Map and Marker listing.
*   Added advanced option for API load restriction, prevent other map API loading with user consent.
*   Support page modified for better support.
*   Marker Description and Image attachment support implemented.
*   Security improvement.

**1.7.7**

*   Minor bug fixing
*   Autoloader class implemented
*   Map control options added(disable zoom, disable street view option, disable drag, disable double click zoom, disable pan control)
*   Security improvement
*   Appsero SDK implement for prompt support to users

**1.7.6**

*   Google Map Info Window auto focus bug fixed cause by google map last update

**1.7.5**

*   media\_buttons\_context deprecated issue resolving
*   Review system modification, made standard
*   Code re-organize with trait system
*   Admin UI updated to more user friendly
*   In case of shortcode not found shown a custom message only for logged in admin user
*   According to plugin guide updated code and optimized

**1.7.4**

*   Setup Wizard implementation for user Better experience
*   Installation wizard video and blog Help Manual included
*   Installation and knowledge base updated
*   PHP and JS Source optimized
*   Minor bug fixing in Block Editor

**1.7.3**

*   Custom CSS and JS adding option under settings tab.
*   Map direction UI re-designed and made responsive for various themes.
*   If short code not found, will show a custom message in front end.
*   Settings UI design changed for better user experience.
*   Made responsive for cross-platform
*   media\_buttons\_context deprecated issue resolving
*   Review system modification, made standard
*   Code re-organize with trait system
*   Admin UI updated to more user friendly
*   In case of shortcode not found shown a custom message only for logged in admin user

**1.7.2**

*   Map Center position auto detection on drag-drop and re-centering by user.
*   LIVE zoom updating and rendering once zoom level changed by user.

**1.7.1**

*   HTML content support in Google Map InfoWindow
*   Added select drop-down in WP Google Map widget instead of text box for ShortCode.
*   Disable admin notice for language based google setup.

**1.7.0**

*   Browser geolocation timeout related problem solved, youtube video updated.

**1.6.9**

*   Domain SSl related issue fixing for non-ssl websites.

**1.6.8**

*   Helpful video presentation has been added.

**1.6.7**

*   Admin notices for google map language and regional area settings made conditional.

**1.6.6**

*   PHP array related exception handled.

**1.6.5**

*   Javascript exception handled in Map edit page

**1.6.4**

*   Map language and Region customization option added.
*   Form and field level security enhanced.
*   Secured domain added for mail and verification process.
*   Support contact mail issue fixed.

**1.6.3**

Exception handled for warning message, security enhanced, review giving option added.

**1.6.2**

Security feature updated and feedback resolving.

**1.6.1**

Shortcode related dynamic title class and id updated and bug fixing.

**1.6.0**

Address autocomplete bug fixing.

**1.5.9**

Map direction view option changed.

**1.5.8**

Create new Map UI changes.

**1.5.7**

Security patch updated.

**1.5.6**

Helpful video tutorial added.

**1.5.5**

Language realted changes and some minor changes in files.

**1.5.4**

Dynamic/Customized Marker icon option added, Code related optimization added.

**1.5.3**

New version released with payment option updated.

**1.5.2**

New version released with bug fixing

**1.5.1**

New version released with helpful resources and insitilization of street view.

**1.5.0**

New version released with new helpful video

**1.4.9**

*   Map title on keyup effect added
*   Map type wise map rendering live
*   Infowindow live changing when updating
*   Address related API issue fixing

**1.4.8**

*   License key and api key updating problem server issue fixed.

**1.4.7**

*   How to add Google Map in Gutenberg WordPress editor.

**1.4.6**

*   Removed update to pro once updated to pro version

**1.4.5**

*   Plugin Settings option updated

**1.4.4**

*   LIVE CHAT option added for users.

**1.4.3**

*   Faq and contact page updated.

**1.4.2**

*   Bug fixing, Added instant contact form to give best experience and getting suggestion from users.

**1.4.1**

*   User help manual, FAQ and details description updated, also bug fixed.

**1.4.0**

*   Settings option updated.

**1.3.9**

*   Added pro version features and updated shortcode.

**1.3.8**

*   Google API readme updated, language and donation button added.

**1.3.7**

*   Google API realted update

**1.3.6**

*   Google API realted update

**1.3.5**

*   Google API realted update

**1.3.4**

*   Direction From field default to empty, Readme file updated with Google Billing warning message.

**1.3.3**

*   Spanish language files updated.

**1.3.2**

*   Danish Language Translation support updated.

**1.3.1**

*   Danish Language Translation support added.

**1.3.0**

*   German, German (Formal) and Spanish (Spain) Language file updated.

**1.2.9**

*   Examples button and Donation Button added.

**1.2.8**

*   Tags updated in readme.txt file.

**1.2.7**

*   Readme file updated.

**1.2.6**

*   Translation enabled for some additional text.

**1.2.5**

*   Installation process explained in details.

**1.2.4**

*   CSS updated related to map search box

**1.2.3**

*   Spanish Language support

**1.2.2**

*   Italian Language Support

**1.2.1**

*   Direction support Bug fixing

**1.2.0**

*   Direction support with Google Map

**1.1.7**

*   Look and Feel changes

**1.1.6**

*   Added option for creating unlimited maps(the Previous limit was 10)

**1.1.5**

*   Widget title giving option added

**1.1.4**

*   Added option to disable/enable zoom on mouse scrolling

**1.1.2, 1.1.3**

*   Small bug fixes

**1.1.1**

*   Menu Position changed and readme.txt updated

**1.1.0**

*   Initial Translation support for English(en), Bengali(bn) and German(de)

**1.0.9**

*   https or SSl related problem fixing

**1.0.8**

*   Initial marker dragging related problem fixing
*   API key trailing blank space removed

**1.0.7**

*   Added helpful video both in description and admin panel

**1.0.6**

*   Custom map heading class adding option added
*   Map rendering related problem fixing
*   Custom status message showed

**1.0.5**

*   Added new helpful video with how to get Free API key

**1.0.4**

*   Once plugin activated, goes to plugin settings page directly.

**1.0.3**

*   Self API key adding option added

**1.0.2**

*   Bug fixes with adding helpful video embedding

**1.0.1**

*   Updated screenshots with the FAQ to make easier.

**1.0.0**

*   Initial version of WP Google Map Plugin.

CVE-2021-45729: Maps Plugin using Google Maps for WordPress – WP Google Map

The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions

CVE-2021-24968: Changeset 2648562 – WordPress Plugin Repository

The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the protection offered) via a crafted request

CVE-2021-24906

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

**Announcement-ID:** PMASA-2022-1

**Date:** 2022-01-10

**Summary**

Two factor authentication bypass

**Description**

There is a sequence of actions a valid user can take that will allow them to bypass two factor authentication for that account. A user must first connect to phpMyAdmin (presumably using their two factor authentication method) in order to prepare their account for the bypass.

Note that a user is still able to disable two factor authentication through conventional means; this only addresses an unintentional security weakness in how phpMyAdmin processes a user's two factor status.

**Severity**

We do not consider this vulnerability to be severe due to the steps required to prepare for the attack and access required. Further, as noted above, a user is permitted to disable two factor authentication through conventional means.

**Affected Versions**

phpMyAdmin versions of the 4.9 branch prior to 4.9.8 and 5.1 prior to 5.1.2 are affected.

**Solution**

Upgrade to phpMyAdmin 4.9.8, 5.1.2, or newer or apply patch listed below.

**References**

phpMyAdmin team member William Desportes discovered this weakness

Assigned CVE ids: CVE-2022-23807

CWE ids: CWE-661

**Patches**

The following commits have been made to fix this issue:

*   ca54f1db050859eb8555875c6aa5d7796fdf4b32

**More information**

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CVE-2022-23807: Security - PMASA-2022-1

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

**Announcement-ID:** PMASA-2022-2

**Date:** 2022-01-10

**Summary**

Multiple XSS and HTML injection attacks in setup script

**Description**

A series of weaknesses has been discovered that could allow an attacker to inject malicious code in to aspects of the setup script, which can allow XSS or HTML injection.

**Severity**

We consider this vulnerability to be of moderate severity.

**Mitigation factor**

A phpMyAdmin installation with a configuration file \`config.inc.php\` will not allow access to the setup script, which in turn mitigates this attack.

**Affected Versions**

phpMyAdmin versions of the 5.1 branch prior to 5.1.2 are affected.

**Solution**

Upgrade to phpMyAdmin 5.1.2 or newer or apply patch listed below.

**References**

Thanks to Dipak Panchal (th3.d1p4k) for reporting this vulnerability.

Assigned CVE ids: CVE-2022-23808

CWE ids: CWE-661

**Patches**

The following commits have been made to fix this issue:

*   5118acce1dfcdb09cbc0f73927bf51c46feeaf38
*   44eb12f15a562718bbe54c9a16af91ceea335d59

**More information**

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CVE-2022-23808: Security - PMASA-2022-2

Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1.

@@ -320,7 +320,6 @@ private function block($nodes) }  
const SECTION\_CALL = ' // %s section $value = $context->%s(%s);%s $buffer .= $this->section%s($context, $indent, $value); '; @@ -391,11 +390,10 @@ private function section($nodes, $id, $filters, $start, $end, $otag, $ctag, $lev $id = var\_export($id, true); $filters = $this\->getFilters($filters, $level);  
return sprintf($this\->prepare(self::SECTION\_CALL, $level), $id, $method, $id, $filters, $key); return sprintf($this\->prepare(self::SECTION\_CALL, $level), $method, $id, $filters, $key); }  
const INVERTED\_SECTION = ' // %s inverted section $value = $context->%s(%s);%s if (empty($value)) { %s @@ -418,7 +416,7 @@ private function invertedSection($nodes, $id, $filters, $level) $id = var\_export($id, true); $filters = $this\->getFilters($filters, $level);  
return sprintf($this\->prepare(self::INVERTED\_SECTION, $level), $id, $method, $id, $filters, $this\->walk($nodes, $level)); return sprintf($this\->prepare(self::INVERTED\_SECTION, $level), $method, $id, $filters, $this\->walk($nodes, $level)); }  
const PARTIAL\_INDENT = ', $indent . %s';

CVE-2022-0323: Fix CVE-2022-0323 (improper neutralization of section names) · bobthecow/mustache.php@579ffa5

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

Tag

#php