Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2023-2204: cve_hub/Retro Basketball Shoes Online Store - vuln 5.pdf at main · E1CHO/cve_hub

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file faqs.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226969 was assigned to this vulnerability.

CVE
#sql#vulnerability#git#php#pdf
CVE-2023-2205

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226970 is the identifier assigned to this vulnerability.

CVE-2023-30076: cve_report/SQLi-2.md at main · Dzero57/cve_report

Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=.

Trigona Ransomware Trolling for 'Poorly Managed' MS-SQL Servers

Vulnerable MS-SQL database servers have external connections and weak account credentials, researchers warn.

Threat Source newsletter (April 20, 2023) — Preview of Cisco and Talos at RSA

Heading to San Francisco next week? Here are all the Talos and Cisco Secure talks and events you won't want to miss.

Chitor-CMS 1.1.2 SQL Injection

Chitor-CMS version 1.1.2 suffers from a remote SQL injection vulnerability.

Two Critical Flaws Found in Alibaba Cloud's PostgreSQL Databases

A chain of two critical flaws has been disclosed in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. "The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers' PostgreSQL databases and the ability to perform a supply chain

CVE-2023-2137: Chromium: CVE-2023-2137 Heap buffer overflow in sqlite

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

CVE-2014-125099: Release 3.7.3: Fixed a Possible SQL injection vulnerability reported by [Oskar Adin]… · wp-plugins/i-recommend-this

A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The name of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability.

CVE-2023-22894: Multiple Critical Vulnerabilities in Strapi Versions <=4.7.1

Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then this can be exploited to discover the password hash and password reset token of all users. If the attacker has admin panel access to an account with permission to access the username and email of API users with a lower privileged role (e.g., Editor or Author), then this can be exploited to discover sensitive information for all API users but not other admin accounts.