Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php.

CVE-2022-34951

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php.

CVE-2022-34950

Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php.

CVE-2022-34949

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php.

CVE-2022-34948

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php.

CVE-2022-34947

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php.

CVE-2022-34946

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php.

CVE-2022-34945

PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.

CVE-2022-35118: AARO-Bugs/AARO-CVE-List.md at master · Accenture/AARO-Bugs

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.

@@ -25,6 +25,14 @@

\*/

class Smarty\_CacheResource\_Mysql extends Smarty\_CacheResource\_Custom

{

/\*\* @var PhpEncryption \*/

private $phpEncryption;

  

public function \_\_construct()

{

$this\->phpEncryption = new PhpEncryption(\_NEW\_COOKIE\_KEY\_);

}

  

/\*\*

\* fetch cached content and its modification time from data source.

\*

@@ -39,7 +47,7 @@ protected function fetch($id, $name, $cache\_id, $compile\_id, &$content, &$mtime)

{

$row = Db::getInstance()->getRow('SELECT modified, content FROM ' . \_DB\_PREFIX\_ . 'smarty\_cache WHERE id\_smarty\_cache = "' . pSQL($id, true) . '"');

if ($row) {

$content = $row\['content'\];

$content = $this\->phpEncryption\->decrypt($row\['content'\]);

$mtime = strtotime($row\['modified'\]);

} else {

$content = null;

@@ -87,7 +95,7 @@ protected function save($id, $name, $cache\_id, $compile\_id, $exp\_time, $content)

"' . pSQL($id, true) . '",

"' . pSQL(sha1($name)) . '",

"' . pSQL($cache\_id, true) . '",

"' . pSQL($content, true) . '"

"' . $this\->phpEncryption\->encrypt($content) . '"

)');

  

return (bool) Db::getInstance()->Affected\_Rows();

CVE-2022-31181: Merge pull request from GHSA-hrgx-p36p-89q4 · PrestaShop/PrestaShop@b6d96e7

CodeIgniter CMS version 4.2.0 suffers from a remote SQL injection vulnerability.

    [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]                                                                                      [+]Exploit Title    : CodeIgniter CMS Version 4.2.0  Sql Injection Vulnerability                         [+]                                                                                         [+]Exploit Author   : E1.Coders                                           [+]                                                                                          [+]Vendor Homepage  : https://www.codeigniter.com/                                       [+]                                                                                       [+]Google Dork ONE  : searchResult/?title=[+]    [+]Google Dork Two  : Job/searchResult/?title=  [+]                                                                                     [+]Date             : 15 / 05 / 2022                                                                [+]                                                                                     [+]Tested On        : windows + linux                                              [+]                                                                                        [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~>DESCRITION   <~ ~ ~ [+] [+] CodeIgniter CMS suffers from a remote SQL injection vulnerability. [+] "codeigniter vulnerability ::$DATA view source code"[+] Note that this find contains information about the site.[+] CodeIgniter CMS SQL injection vulnerabilities were found and confirmed in the software as an anonymous user.[+] A successful attack could allow an unknown attacker to access information such as username and password hashes stored in the database.[+] The following URLs and parameters have been confirmed to suffer from SQL injection.                                                                                        [+] [+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~>  Location   <~ ~ ~                           [+] SQL ERROR Location                                                                                        [+] http://www.site.com/Job/searchResult/?title=[SQL]                                              [+] [+]~ ~ ~~ ~ ~~  ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~ ~~ ~>   DEMO      <~ ~ ~                       [+][+][+] ERROR : https://[removed].com/Job/searchResult/?title=123%27[+][+] ERROR : https://[removed].com/Job/city/%D8%A7%D8%B3%D8%AA%D8%AE%D8%AF%D8%A7%D9%85-%D9%85%D8%B4%D9%87%D8%AF'  (OR= or ==)[+][+] ERROR : https://[removed].ir/?per_page=400%2[+][+] ERROR : https://[removed].ir/Job/search/NULL/%D8%A2%D8%A8%D8%A7%D8%AF%D8%A7%D9%86'/NULL/NULL/0[+] [+] ERROR : https://[removed].com/login/       (username = '  Password = ')[+][+] ERROR : https://[removed].com/search.php?search=1'[+][+] ERROR : https://[removed].com/news.php?p=7251'[+][+] ERROR : https://[removed].com/employe/show.php?cvid=14088'[+][+] ERROR : https://[removed].com/states/%D8%AA%D9%87%D8%B1%D8%A7%D9%86'[+][+] ERROR : https://[removed].com/fa/index.asp?p=search&search=1[+][+] ERROR : https://[removed].com/fa/FormView/1026'[+][+] ERROR : https://[removed].com/fa/formview/1030' [+] And Google More . . . \ .[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]  Methode Attack :[+]  [+] Step 1 : Enter the URL of the page that has the problem of sql injection attacks[+] [+] Step 2 :  Add a variable "  OR ' to the end of  the URL "request"[+] To display the PHP error related to not controlling the functions that cause the attacker to attack  '[+] [+] Step 3 :  Use sqlmap: python sqlmap.py -u "https://[removed].com/Job/searchResult/?title=123"[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] About CMS :[+] [+] Codeigniter is an open source web software framework used to build dynamic websites. [+] This framework, which is written in PHP language, [+] accelerates the development of software by coding from the beginning. This acceleration is done by the framework's libraries, [+] many of which make common tasks simple. The first public release of CodeIgniter was on February 28, 2006[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Explanation of vulnerability :[+] [+] The remote attacker can test the SQL Inject attack by injecting a 'variable' and after displaying the PHP error related to not controlling the functions that cause the SQL Inject attack[+] And the attacker can execute attacks with SQL Inject commands or execute attacks with ready tools such as Squat Map.[+] [+] All different parts of the site have this security problem[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Solution :[+] [+] [+] Use parameter input validation to be modified to prevent attacks[+] "codeigniter vulnerability ::$DATA view source code"[+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

Tag

#sql