Tag
#sql
A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw. In an advisory published last week, WordPress
Simple Inventory Management System version 1.0 suffers from a remote SQL injection vulnerability.
Flashcard Quiz App version 1.0 suffers from a remote SQL injection vulnerability.
FAQ Management System version 1.0 suffers from a remote SQL injection vulnerability.
Red Hat Security Advisory 2024-0975-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-0974-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-0973-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-0951-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-0950-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.
# Impact SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code that has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default query mode. Users that do not override the query mode are not impacted. # Exploitation To exploit this behavior the following conditions must be met: 1. A placeholder for a numeric value must be immediately preceded by a minus (i.e. `-`) 1. There must be a second placeholder for a string value after the first placeholder on the same line. 1. Both parameters must be user controlled. The prior behavior of the driver when operating in simple query mode would inline the negative value of the first parameter and cause the resulting line to be treated as a `--` SQL comment. That would extend to the beginning of the next parameter and cause the quoting of that parameter to be consumed by the comment line. If that string parame...