Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2023-5108

The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

CVE
Open in Source
#sql#wordpress#perl
October CMS 3.4.0 Wiki Article Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has article posting capabilities.

October CMS 3.4.0 Category Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has category-creating capabilities.

October CMS 3.4.0 Blog Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has blog-creating capabilities.

October CMS 3.4.0 Author Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has author posting capabilities.

October CMS 3.4.0 About Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability where a user has the ability to edit the landing/about page.

Red Hat Security Advisory 2023-7633-01

Red Hat Security Advisory 2023-7633-01 - An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Issues addressed include a null pointer vulnerability.

CVE-2023-48863: ��ó��վ����,Ӣ����վ����,��ó��վ���

SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the interpreter, so as to execute unplanned commands or unauthorized access to data.

CVE-2023-38727: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. (CVE-2023-38727)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.

OctoberCMS v3.4.0 (Blog) Stored Cross-Site Scripting Vulnerabilities

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to a blog-creating feature that stores data persistently could perform a stored XSS attack against any other users visiting the blog page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.