Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2021-40961: CMS Made Simple SQL injection on m1_sortby parameter

CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.

CVE
Open in Source
#sql#vulnerability#web#git#php#auth
CVE-2022-31026

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers.

GHSA-f2g5-426f-353q: Cross-site Scripting in Dolibarr

Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.

CVE-2022-30875

Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.

CVE-2022-28386

An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.

CVE-2022-31325: SQL Injection vulnerability in ChurchCRM 4.4.5 via /churchcrm/WhyCameEditor.php · Issue #6005 · ChurchCRM/CRM

There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.

Taming the Digital Asset Tsunami

Rob Gurzeev, CEO and Co-Founder of CyCognito, explores external attack surface soft spots tied to an ever-expanding number of digital assets companies too often struggle to keep track of and manage effectively.

CVE-2022-1688

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections

CVE-2022-1687

The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection

CVE-2022-1686: Security Bulletin

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection