Tag
#sql
A flaw in the database escaping API results in a SQL injection vulnerability when extension dbal is enabled and configured for MySQL passthrough mode in its extension configuration. All queries which use the DatabaseConnection::sql_query are vulnerable, even if arguments were properly escaped with DatabaseConnection::quoteStr beforehand.
Employee and Visitor Gate Pass Logging System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
### Impact A user with an administrator, project_admin, or project_maintainer role could utilize and exploit SQL Injection to allow the execution of any Postgres function or the extraction of sensitive information from the database through this API: ``` GET /api/v2.0/projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/scan/{report_id}/log ``` The SQL injection might happen in the code: https://github.com/goharbor/harbor/blob/9b7c1a2274fbc5ea16e19a484532f86c08926577/src/pkg/task/task.go#L241 Because raw SQL executed in ormer.Raw(Sql).QueryRows() is PrepareStatement. In the driver of Postgres, one PrepareStatement must contain only ONE SQL command, see https://www.postgresql.org/docs/15/libpq-exec.html#LIBPQ-PQPREPARE. The SQL should start with: ``` SELECT * FROM task WHERE extra_attrs::jsonb->'report_uuids' @> ``` Adding a delete/update operation by appending malicious content to the current SQL is impossible. Furthermore, the query result of the task is ju...
Yii2 supports attaching Behaviors to Components by setting properties having the format `'as <behaviour-name>'`. Internally this is done using the `__set()` magic method. If the value passed to this method is not an instance of the `Behavior` class, a new object is instantiated using `Yii::createObject($value)`. However, there is no validation check that verifies that `$value` is a valid `Behavior` class name or configuration. An attacker that can control the content of the $value variable can then instantiate arbitrary classes, passing parameters to their constructors and then invoking setter methods. ### Impact With some effort malicious code can be injected executed which might be anything ranging from deleting files to dropping database tables ### Patches Not yet patched. ### Workarounds No Work around available ### References Reported [Here](https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f?token=3bcfc5266870680af19a26170b8dbf3750e3b593ce192da8eaa6a03f96b99b52c4...
Red Hat Security Advisory 2024-3527-03 - Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Issues addressed include buffer overflow, denial of service, integer overflow, memory leak, and resource exhaustion vulnerabilities.
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
Ubuntu Security Notice 6802-1 - Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged database user can use this issue to read most common values and other statistics from CREATE STATISTICS commands of other users.
Online Payment Hub System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Ubuntu Security Notice 6801-1 - It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An attacker could possibly use this issue to perform SQL injection attacks.
BWL Advanced FAQ Manager version 2.0.3 suffers from a remote SQL injection vulnerability.