Tag
#sql
Taokeyun versions up to 1.0.5 suffer from a remote SQL injection vulnerability.
Copyright Loan Management System 2024 version 1.0 suffers from a remote SQL Injection vulnerability that allows for authentication bypass.
### Summary

The [`OrderAndPaginate`](https://github.com/0xjacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/model/model.go#L99C4) function is used to order and paginate data. It is defined as follows:

```go
func OrderAndPaginate(c *gin.Context) func(db *gorm.DB) *gorm.DB {
	return func(db *gorm.DB) *gorm.DB {
		// "order" and "sort_by" come straight from the request query string.
		sort := c.DefaultQuery("order", "desc")
		order := fmt.Sprintf("`%s` %s", DefaultQuery(c, "sort_by", "id"), sort)
		db = db.Order(order)
		...
	}
}
```

By using [`DefaultQuery`](https://github.com/0xjacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/model/model.go#L278-L287), the `"desc"` and `"id"` values are used as defaults if the query parameters are not set. Thus, the `order` and `sort_by` query parameters are user-controlled and are appended to the `order` variable without any sanitization. The same happens with [`SortOrder`](https://github.com/0xjacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/model/model.go#L91), but it doesn...
Ubuntu Security Notice 6570-1 - Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations.
Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days. The
### Impact

When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation `document.proof` was not factored into the final `verified` value (`true`/`false`) on the presentation record. Below is an example result from verifying a JSON-LD Presentation where there is an error noted in the processing (mismatched challenge), but the overall result is incorrectly `"verified": true`:

```json
{
  "verified": true,
  "presentation_result": {
    "verified": false,
    "document": {
      "@context": [
        "https://www.w3.org/2018/credentials/v1"
      ],
      "type": [
        "VerifiablePresentation"
      ],
      "verifiableCredential": [
        {
          "@context": [
            "https://www.w3.org/2018/credentials/v1",
            "https://w3id.org/citizenship/v1"
          ],
          "type": [
            "VerifiableCredential",
            "PermanentResident"
          ],
          "issuer": "did:sov...
```
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
liveSite version 2019.1 suffers from a remote code execution vulnerability.
AdvantechWeb/SCADA version 9.1.5U suffers from a post-authentication remote SQL injection vulnerability.
Microsoft SQL Server versions 2014 through 2022 suffer from a db_ddladmin privilege escalation vulnerability. When this was escalated to Microsoft as a concern, they opted to update their documentation to note that this is possible instead of addressing the issue.