#sql

Employee Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

DETS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

School Log Management System version 1.0 appears to suffers from a remote SQL injection vulnerability that allows an attacker to achieve code execution.

Simple College Website version 1.0 appears to suffers from a remote SQL injection vulnerability that allows an attacker to achieve code execution.

### Summary In Froxlor 2.1.9 and in the HEADs of the `main`, `v2.2` and `v2.1` branches , the XML templates in `lib/configfiles/` set `chmod 644` for `/etc/pure-ftpd/db/mysql.conf`, although that file contains `<SQL_UNPRIVILEGED_PASSWORD>`. At least on Debian 12, all parent directories of `/etc/pure-ftpd/db/mysql.conf` are world readable by default, thus exposing these credentials to all users with access to the system. Only Froxlor instances configured to use pure-ftpd are affected/vulnerable. ### Details https://github.com/froxlor/Froxlor/blob/2.1.9/lib/configfiles/bookworm.xml#L3075 ### PoC As non-privileged user: ``` nobody@mail:/tmp$ grep MYSQLPassword /etc/pure-ftpd/db/mysql.conf MYSQLPassword MySecretMySQLPasswordForFroxlor ``` ### Impact Any unprivileged user with "command/code execution" access to the system can trivially obtain the credentials granting access to the `froxlor` MySQL database. This holds true even for virtual users without SSH access as long as they are a...

The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: > SQL Injection isn't Dead: Smuggling Queries at the Protocol Level > <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf> > (Archive link for posterity.) Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow, causing the server to interpret the rest of the string as binary protocol commands or other data. It appears Diesel _does_ perform truncating casts in a way that could be problematic, for example: <https://github.com/diesel-rs/diesel/blob/ae82c4a5a133db65612b7436356f549bfecda1c7/diesel/src/pg/connection/stmt/mod.rs#L36> This code has existed essentially since the beginning, so it is reasonable to assume that all published versio...

DiCal-RED version 4009 makes use of unmaintained third party components with their own vulnerabilities.

Courier Management System version 1.0 suffers from a cross site request forgery vulnerability.

Company Visitor Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Client Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.