Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2022-46047: CVE/categories_delete_sql_injection.md at master · rdyx0/CVE

AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.

CVE
Open in Source
#sql#web#windows#apple#php#chrome#webkit
Judging Management System 1.0 Shell Upload

Judging Management System version 1.0 a remote shell upload vulnerability.

Judging Management System 1.0 SQL Injection

Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

GHSA-6jqm-3c9g-pch7: @cubejs-backend/api-gateway row level security bypass

### Impact All authenticated Cube clients could bypass row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. ### Patches The change has been reverted in 0.31.24 ### Workarounds Upgrade to >=0.31.24 or downgrade to <=0.31.22 ### Post mortem As part of implementing the Cube Cloud SQL runner functionality, we’ve added a new endpoint to the Cube Core so that we could add arbitrary queries directly to the queue, bypassing the modeling layer. The endpoint was added in this commit: https://github.com/cube-js/cube.js/commit/f1e25bb50323c0b99f3891d349467e7b637baeea It went through the code review; however, it slipped everyone’s attention that this endpoint completely bypasses any row-level security logic implemented in the modeling layer. Now anyone with a valid Cube JWT token could fetch any data, even if they were not allowed to do so by their security context. The issue was noticed by the Core team on Dec 12 and immediately reverted. The just-relea...

CVE-2022-45275: bug_report/RCE-1.md at main · ATKF/bug_report

An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-3915

The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

CVE-2022-3925

The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users

CVE-2022-3981

The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber

Popular WAFs Subverted by JSON Bypass

Web application firewalls from AWS, Cloudflare, F5, Imperva, and Palo Alto Networks are vulnerable to a database attack using the popular JavaScript Object Notation (JSON) format.