#sql

Task Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

By Deeba Ahmed Pwn2Own is back! This is a post from HackRead.com Read the original post: Pwn2Own 2024 Awards $700k as Hackers Pwn Tesla, Browsers, and More

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to read or modify a remote database. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Advantech WebAccess/SCADA, a bowser-based SCADA software, are affected: WebAccess/SCADA: Version 9.1.5U 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89: There is a SQL Injection vulnerability in Advantech's WebAccess/SCDA software that allows an authenticated attacker to remotely inject SQL code on the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database. CVE-2024-2453 has been assigned to this vulnerability. A CVSS v3.1 base score of 6...

A vulnerability was found in Folio Spring Module Core before 2.0.0. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is d374a5f77e6b58e36f0e0e4419be18b95edcd7ff. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257516.

Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it's rooted in a dependency called org.postgresql:

Red Hat Security Advisory 2024-1437-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support.

Red Hat Security Advisory 2024-1436-03 - An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-1435-03 - An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-1429-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support.

Red Hat Security Advisory 2024-1428-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.