Tag
#sql
Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an authenticated
The Top module for PHP-Nuke versions 6.x and below 7.6 suffers from a remote SQL injection vulnerability.
**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.
ABB Cylon Aspect version 3.07.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the file GET parameter through the downloadDb.php script is not properly verified before being used to download database files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.
MD-Pro version 1.0.76 suffers from remote SQL injection and shell upload vulnerabilities.
Computer Laboratory Management System 2024 version 1.0 suffers from a cross site scripting vulnerability.
Acronis Cyber Infrastructure version 5.0.1-61 suffers from a cross site request forgery vulnerability.
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was
Ivanti reports that the bug is being actively exploited in the wild for select customers.
### Summary The endpoint `/site-structure/localizer/save-string/:lang/:defstring` accepts two parameter values: `lang` and `defstring`. These values are used in an unsafe way to set the keys and value of the `cfgStrings` object. It allows to add/modify properties of the `Object prototype` that result in several logic issues, including: - RCE vulnerabilities by polluting the `tempRootFolder` property - SQL injection vulnerabilities by polluting the `schema` property when using `PostgreSQL` database. ### Details - file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/infoarch.js#L236-L239 ```js router.post( "/localizer/save-string/:lang/:defstring", isAdmin, error_catcher(async (req, res) => { const { lang, defstring } = req.params; // source const cfgStrings = getState().getConfigCopy("localizer_strings"); if (cfgStrings[lang]) cfgStrings[lang][defstring] = text(req.body.value); // [1] sink else cfgStrings[lang] = { [defstring]...