Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection

Marty Marketplace Multi Vendor Ecommerce Script version 1.2 suffers from a remote SQL injection vulnerability.

Packet Storm
Open in Source
#sql#vulnerability#web#apache#php#auth
CVE-2022-33965: WP Visitor Statistics (Real Time Traffic)

Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.

CVE-2022-29709: CLink Office 2.0 SQL Injection ≈ Packet Storm

CommuniLink Internet Limited CLink Office v2.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters.

GHSA-qv6h-pcf2-2w3g: Duplicate Advisory GHSA-hrgx-p36p-89q4

## Duplicate Advisory This advisory is a duplicate of GHSA-hrgx-p36p-89q4. This link is maintained to preserve external references. ## Original Description PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.

CVE-2022-34115: [Bug]任意文件跨目录写入 · Issue #2428 · dataease/dataease

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.

CVE-2022-34114: [Bug]任意SQL代码执行 · Issue #2430 · dataease/dataease

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.

CVE-2022-36408: Major Security Vulnerability on PrestaShop Websites

PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.

Threat Roundup for July 15 to July 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 15 and July 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net. For each threat described below, this blog post only lists 2...

SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products

Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "improper neutralization of special elements" used in

CVE-2022-33960: WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities - Patchstack

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.