Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Chat Bot 1.0 SQL Injection

Chat Bot version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
#sql#vulnerability
GHSA-v9hf-5j83-6xpp: PyMySQL SQL Injection vulnerability

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by `escape_dict`.

GHSA-2j6r-9vv4-6gf5: github.com/bincyber/go-sqlcrypter vulnerable to IV collision

There is a risk of an IV collision using the awskms or aesgcm provider. NIST SP 800-38D section 8.3 states that it is unsafe to encrypt more than 2^32 plaintexts under the same key when using a random IV. The limit could easily be reached given the use case of database column encryption. Ciphertexts are likely to be persisted and stored together. IV collision could enable an attacker with access to the ciphertexts to decrypt all messages encrypted with the affected key. The aesgcm provider cannot be fixed without a breaking change, so users should not encrypt more than 2^32 values with any key. The awskms package can be fixed without a breaking change by switching to a counter-based IV.

GHSA-7g7c-qhf3-x59p: propel/propel1 SQL injection possible with limit() on MySQL

The limit() query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: ``` UserQuery::create()->limit('1;DROP TABLE users')->find(); ``` This will drop the users table! The cause appears to be a lack of integer casting of the limit input in either Criteria::setLimit() or in DBMySQL::applyLimit(). The code comments there seem to imply that casting was avoided due to overflow issues with 32-bit integers. This is surprising behavior since one of the primary purposes of an ORM is to prevent basic SQL injection. This affects all versions of Propel: 1.x, 2.x, and 3.

GHSA-7vw7-qx38-37vr: Propel2 SQL injection possible with limit() on MySQL

The limit() query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: ``` UserQuery::create()->limit('1;DROP TABLE users')->find(); ``` This will drop the users table! The cause appears to be a lack of integer casting of the limit input in either Propel\Runtime\ActiveQuery\Criteria::setLimit() or in Propel\Runtime\Adapter\Pdo\MysqlAdapter::applyLimit(). The code comments there seem to imply that casting was avoided due to overflow issues with 32-bit integers. This is surprising behavior since one of the primary purposes of an ORM is to prevent basic SQL injection. This affects all versions of Propel: 1.x, 2.x, and 3.

Tenant Limited 1.0 SQL Injection

Tenant Limited version 1.0 suffers from a remote SQL injection vulnerability.

WordPress XStore Theme 9.3.8 SQL Injection

WordPress XStore theme version 9.3.8 suffers from a remote SQL injection vulnerability.

GHSA-9cw3-j7wg-jwj8: Neos Flow Information disclosure in entity security

If you had used entity security and wanted to secure entities not just based on the user's role, but on some property of the user (like the company he belongs to), entity security did not work properly together with the doctrine query cache. This could lead to other users re-using SQL queries from the cache which were built for other users; and thus users could see entities which were not destined for them. ### Am I affected? - Do you use Entity Security? if no, you are not affected. - You disabled the Doctrine Cache (Flow_Persistence_Doctrine)? If this is the case, you are not affected. - You use Entity Security in custom Flow or Neos applications. Read on. - If you only used Entity Security based on roles (i.e. role A was allowed to see entities, but role B was denied): In this case, you are not affected. - If you did more advanced stuff using Entity Security (like checking that a customer only sees his own orders; or a hotel only sees its own bookings), you very likely needed ...

Rockwell Automation FactoryTalk View SE

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View SE Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject a malicious SQL statement in the SQL database, resulting in expose sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation's FactoryTalk View SE, monitoring software, are affected: FactoryTalk View SE: Versions prior to 14.0 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 A vulnerability exists in the FactoryTalk View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor coul...

GHSA-prpf-cj87-hwvr: Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities

Magento Commerce 1.14.3.9 and Open Source 1.9.3.9 bring essential security enhancements with Patch SUPEE-10752. These updates address various vulnerabilities, including authenticated Admin user remote code execution (RCE), cross-site request forgery (CSRF), and more. Key Security Improvements: - APPSEC-2001: Authenticated Remote Code Execution (RCE) using custom layout XML - APPSEC-2015: Authenticated Remote Code Execution (RCE) through the Create New Order feature (Commerce only) - APPSEC-2042: PHP Object Injection and RCE in the Magento admin panel (Commerce Target Rule module) - APPSEC-2029: PHP Object Injection and Remote Code Execution (RCE) in the Admin panel (Commerce) - APPSEC-2007: Authenticated SQL Injection when saving a category - APPSEC-2027: CSRF is possible against Web sites, Stores, and Store Views - APPSEC-1882: The cron.php file can leak database credentials - APPSEC-2006: Stored cross-site scripting (XSS) through the Enterprise Logging extension - APPSEC-2005: Pers...