The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

CVE-2023-0260

The WP Google Review Slider WordPress plugin before 11.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

CVE-2023-0259

The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks.

CVE-2023-0220

The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

CVE-2022-4445

The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

CVE-2022-4546

Global Infotech CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Global Infotech cms v 1.0 Auth by pass Vulnerability                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : http://www.globalinfotech.co                                                                                       |  | # Dork      : "intext:"Powered by : Global Infotech"                                                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] Use Payload = user & pass : 1'or'1'='1[+] http://127.0.0.1/aaravcscdurgcom/admin/Dashboard.aspxGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh     |=======================================================================================================================================

Global Infotech CMS 1.0 SQL Injection

An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.3 fixes a security bug, introduces multiple new features, and upgrades underlying Pulp to a Long Term Support (LTS) version.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-44420: In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
* CVE-2022-41323: A denial of service flaw was discovered in Django. This issue occurs when incorrectly handling certain internationalized URLs. A malicious attacker could use this issue to cause a crash, resulting in a denial of service.


RHSA-2023:0742: Red Hat Security Advisory: RHUI 4.3.0 release - Security Fixes, Bug Fixes, and Enhancements Update

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability.

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2023-25727

**XSS vulnerability in drag-and-drop upload of phpMyAdmin**

Moderate severity GitHub Reviewed Published Feb 13, 2023 to the GitHub Advisory Database • Updated Feb 14, 2023

**Package**

composer phpmyadmin/phpmyadmin (Composer)

**Affected versions**

\>= 4.3.0, < 4.9.11

\>= 5.0, < 5.2.1

**Patched versions**

4.9.11

5.2.1

**Description**

Last updated

Feb 14, 2023

Published to the GitHub Advisory Database

Feb 13, 2023

Published by the National Vulnerability Database

Feb 13, 2023

GHSA-6hr3-44gx-g6wh: XSS vulnerability in drag-and-drop upload of phpMyAdmin

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

**Announcement-ID:** PMASA-2023-1

**Date:** 2023-02-07

**Summary**

XSS vulnerability in drag-and-drop upload

**Description**

An XSS vulnerability has been discovered where an authenticated user can trigger an XSS attack by uploading a specially-crafted .sql file through the drag-and-drop interface.

**Severity**

We consider this vulnerability to be of moderate severity.

**Mitigation factor**

By disabling the configuration directive \`$cfg\['enable\_drag\_drop\_import'\]\`, users will be unable to use the drag and drop upload which would protect against the vulnerability.

**Affected Versions**

phpMyAdmin versions prior to 4.9.11 and 5.2.1 are affected. The vulnerability has existed since release version 4.3.0.

**Solution**

Upgrade to phpMyAdmin 5.1.2 or 4.9.11 or newer or apply patch listed below.

**References**

Thanks to Erol Guven for reporting this vulnerability.

Assigned CVE ids: Not yet assigned

CWE ids: CWE-661

**Patches**

The following commits have been made on the 4.9 branch to fix this issue:

*   53f70fd7f3b388639922e6cc1ca51fbe890c91cc

The following commits have been made on the 5.2 branch to fix this issue:

*   efa2406695551667f726497750d3db91fb6f662e

**More information**

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CVE-2023-25727: Security - PMASA-2023-1

Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

@@ -114,41 +114,46 @@ $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF\_LANG\['ad\_user\_error\_noId'\]); } else { $userData = \[\]; $userData\['display\_name'\] = Filter::filterInput(INPUT\_POST, 'display\_name', FILTER\_UNSAFE\_RAW, ''); $userData\['email'\] = Filter::filterInput(INPUT\_POST, 'email', FILTER\_VALIDATE\_EMAIL, ''); $userData\['last\_modified'\] = Filter::filterInput(INPUT\_POST, 'last\_modified', FILTER\_UNSAFE\_RAW, ''); $userData\['display\_name'\] = Filter::filterInput(INPUT\_POST, 'display\_name', FILTER\_UNSAFE\_RAW); $userData\['email'\] = Filter::filterInput(INPUT\_POST, 'email', FILTER\_VALIDATE\_EMAIL); $userData\['last\_modified'\] = Filter::filterInput(INPUT\_POST, 'last\_modified', FILTER\_UNSAFE\_RAW); $userStatus = Filter::filterInput(INPUT\_POST, 'user\_status', FILTER\_UNSAFE\_RAW, $defaultUserStatus); $isSuperAdmin = Filter::filterInput(INPUT\_POST, 'is\_superadmin', FILTER\_UNSAFE\_RAW); $isSuperAdmin = $isSuperAdmin === 'on';  
$user = new User($faqConfig); $user\->getUserById($userId, true); // Sanity check if (is\_null($userData\['email'\])) { $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF\_LANG\['err\_noMailAdress'\]); } else { $user = new User($faqConfig); $user\->getUserById($userId, true);  
$stats = $user\->getStatus(); $stats = $user\->getStatus();  
// set new password an send email if user is switched to active if ($stats == 'blocked' && $userStatus == 'active') { if (!$user\->activateUser()) { $userStatus = 'invalid\_status'; // set new password an send email if user is switched to active if ($stats == 'blocked' && $userStatus == 'active') { if (!$user\->activateUser()) { $userStatus = 'invalid\_status'; } } }  
// Set super-admin flag $user\->setSuperAdmin($isSuperAdmin);  
if ( !$user\->userdata\->set(array\_keys($userData), array\_values($userData)) || !$user\->setStatus($userStatus) ) { $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF\_LANG\['ad\_msg\_mysqlerr'\]); } else { $message .= sprintf( '<p class="alert alert-success">%s <strong>%s</strong> %s</p>', $PMF\_LANG\['ad\_msg\_savedsuc\_1'\], Strings::htmlentities($user\->getLogin(), ENT\_QUOTES), $PMF\_LANG\['ad\_msg\_savedsuc\_2'\] ); $message .= '<script>updateUser(' . $userId . ');</script>'; // Set super-admin flag $user\->setSuperAdmin($isSuperAdmin);  
if ( !$user\->userdata\->set(array\_keys($userData), array\_values($userData)) || !$user\->setStatus($userStatus) ) { $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF\_LANG\['ad\_msg\_mysqlerr'\]); } else { $message .= sprintf( '<p class="alert alert-success">%s <strong>%s</strong> %s</p>', $PMF\_LANG\['ad\_msg\_savedsuc\_1'\], Strings::htmlentities($user\->getLogin(), ENT\_QUOTES), $PMF\_LANG\['ad\_msg\_savedsuc\_2'\] ); $message .= '<script>updateUser(' . $userId . ');</script>'; } } } }

Tag

#sql