Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting

Readymade Unilevel Ecommerce MLM suffers from remote blind SQL injection and cross site scripting vulnerabilities. These issues affected the version released as late as March 15, 2024.

Packet Storm
#sql#xss#vulnerability#php#auth
AccPack Buzz 1.0 SQL Injection

AccPack Buzz version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Readymade Real Estate Script SQL Injection / Cross Site Scripting

Readymade Real Estate Script suffers from remote blind SQL injection and cross site scripting vulnerabilities.

Ubuntu Security Notice USN-6934-1

Ubuntu Security Notice 6934-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.39 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

SchoolPlus LMS 1.0 SQL Injection

SchoolPlus LMS version 1.0 suffers from a remote SQL injection vulnerability.

AccPack Cop 1.0 SQL Injection

AccPack Cop version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

GHSA-wm25-j4gw-6vr3: pREST vulnerable to jwt bypass + sql injection

### Summary Probably jwt bypass + sql injection or what i'm doing wrong? ### PoC (how to reproduce) 1. Create following files: docker-compose.yml: ``` services: postgres: image: postgres container_name: postgres_container_mre environment: POSTGRES_USER: test_user_pg POSTGRES_PASSWORD: test_pass_pg POSTGRES_DB: test_db prest: image: prest/prest build: . volumes: - ./queries:/queries - ./migrations:/migrations ports: - "3000:3000" ``` Dockerfile: ``` from prest/prest:latest COPY ./prest.toml prest.toml ``` prest.toml: ``` debug=false migrations = "./migrations" [http] port = 3000 [jwt] default = true key = "secret" algo = "HS256" [auth] enabled = true type = "body" encrypt = "MD5" table = "prest_users" username = "username" password = "password" [pg] URL = "postgresql://test_user_pg:test_pass_pg@postgres:5432/test_db/?sslmode=disable" [ssl] mode = "disable" sslcert = "./PATH" sslkey = "./PATH" sslrootcert = "....

GHSA-fx6j-9pp6-ph36: Pimcore vulnerable to disclosure of system and database information behind /admin firewall

### Summary Navigating to `/admin/index/statistics` with a **logged in Pimcore user** (not an XmlHttpRequest because of this check: [IndexController:125](https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40)) exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. > The web server should not return any product and version information of the components used. The table names and row counts should not be exposed. ### Details `/admin/index/statistics` returns the following JSON-response: ``` { { "instanceId": "...", "pimcore_major_version": 11, "pimcore_version": "v11.3.1", "pimcore_hash": "3ecd39f21dbdd25ffdf4bec6e2c860eccfd3d008", "pimcore_platform_version": "v2024.2", "php_version": "8.3.8", "mysql_version": "10.11.8-MariaDB-ubu2204", "bundles": [ //...