#sql

JFinal CMS 5.1.0 is vulnerable to SQL Injection.

JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection

Red Hat Security Advisory 2022-6542-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include file overwrite and traversal vulnerabilities.

Red Hat Security Advisory 2022-6518-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

News247 News Magazine version 1.0 suffers from a persistent cross site scripting vulnerability.

Categories: Explained Categories: News Tags: Fuzzing Tags: fuzz testing Tags: memory leaks Tags: runtime errors Tags: race conditions Tags: control flow error Tags: memory allocation Tags: buffer overflow Fuzzing is an automated software testing method that uses a wide range of invalid and unexpected data as input to find flaws. (Read more...) The post Explained: Fuzzing for security appeared first on Malwarebytes Labs.

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28948: Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked * CVE-2020-28949: Archive_Tar: improper filename sanitization leads to file overwrites * CVE-2020-36193: Archive_Tar: directory traversal due to inadequate checking of symbolic links

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28948: Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked * CVE-2020-28949: Archive_Tar: improper filename sanitization leads to file overwrites * CVE-2020-36193: Archive_Tar: directory traversal due to inadequate checking of symbolic links

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php.

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php.