Tag
#sql
Ubuntu Security Notice 6288-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.34 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
eLitius version 1.0 appears to leave backups in a world-accessible directory under the document root.
Elite CMS Pro version 2.01 suffers from a remote SQL injection vulnerability.
Elevel CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
E-Journal Homoeo CMS version 2.0.3 suffers from a remote SQL injection vulnerability.
EI Tube YouTube API version 3 suffers from a remote SQL injection vulnerability.
WordPress Core version 5.6.2 appears to suffer from an XPath injection vulnerability via the log parameter.
An issue was discovered in TigerGraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each TigerGraph system and modify system and TigerGraph binaries.
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.