#sql

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.

A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to sql injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444.

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.

The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.

AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.

Judging Management System version 1.0 a remote shell upload vulnerability.

Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

### Impact All authenticated Cube clients could bypass row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. ### Patches The change has been reverted in 0.31.24 ### Workarounds Upgrade to >=0.31.24 or downgrade to <=0.31.22 ### Post mortem As part of implementing the Cube Cloud SQL runner functionality, we’ve added a new endpoint to the Cube Core so that we could add arbitrary queries directly to the queue, bypassing the modeling layer. The endpoint was added in this commit: https://github.com/cube-js/cube.js/commit/f1e25bb50323c0b99f3891d349467e7b637baeea It went through the code review; however, it slipped everyone’s attention that this endpoint completely bypasses any row-level security logic implemented in the modeling layer. Now anyone with a valid Cube JWT token could fetch any data, even if they were not allowed to do so by their security context. The issue was noticed by the Core team on Dec 12 and immediately reverted. The just-relea...

An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.