Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

WordPress WP-Automatic SQL Injection

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.

Packet Storm
#sql#vulnerability#windows#linux#git#wordpress#intel#php#rce#auth
GHSA-45pg-36p6-83v9: Langchain SQL Injection vulnerability

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.

GHSA-6m59-8fmv-m5f9: @langchain/community SQL Injection vulnerability

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.

UP-RESULT PRO 1.0 SQL Injection

UP-RESULT PRO version 1.0 suffers from a remote SQL injection vulnerability.

Researchers Uncover Vulnerabilities in Open-Source AI and ML Models

A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform. The most severe of the

A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation

Sherlock Holmes is famous for his incredible ability to sort through mounds of information; he removes the irrelevant and exposes the hidden truth. His philosophy is plain yet brilliant: “When you have eliminated the impossible, whatever remains, however improbable, must be the truth.” Rather than following every lead, Holmes focuses on the details that are needed to move him to the solution. In

GHSA-2mv8-jjm5-f3hr: SQL injection in funadmin

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.

GHSA-h345-r48x-g68f: SQL injection in funadmin

funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.

GHSA-x2fr-vj74-5h35: SQL injection in funadmin

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.