#sql

## Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ## Vendor: Decidim International Community Environment ### Has vendor confirmed: Yes ### Attack type: Remote ### Impact: Code Execution Escalation of Privileges Information Disclosure ### Affected component: A raw sql-statement that uses an interpolated variable exists in the admin_role_actions method of the `papertrail/version-model(app/models/decidim/decidim_awesome/paper_trail_version.rb`). ### Attack vector: An attacker with admin permissions could manipulate database queries in order to read out the database, read files from the filesystem, write files from the filesystem. In the worst case, this could lead to remote code execution on the server. Description of the vulnerability for use in the CVE [ℹ] (https://cveproject.github.io/docs/content/key-details- phrasing.pdf) : An improper neutralization of special elements used in an SQL command in the `papertrail/vers...

Ubuntu Security Notice 7102-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.40 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Red Hat Security Advisory 2024-9088-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

**How could an attacker exploit this vulnerability?** An attacker with the administrator role of "azure\_pg\_admin" in the target environment could exploit this vulnerability to gain the same privileges as a SuperUser by sending a specially crafted request to an Azure Database for PostgreSQL Flexible Server with specific non-default functionality enabled.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploits this vulnerability would gain the same privileges as the SuperUser role.

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

**I am running SQL Server on my system. What action do I need to take?** Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. **I am running my own application on my system. What action do I need to take?** Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. **I am running an application from a software vendor on my system. What action do I need to take?** Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability **There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?** * First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Micr...

**I am running SQL Server on my system. What action do I need to take?** Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. **I am running my own application on my system. What action do I need to take?** Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. **I am running an application from a software vendor on my system. What action do I need to take?** Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability **There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?** * First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Micr...

**I am running SQL Server on my system. What action do I need to take?** Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. **I am running my own application on my system. What action do I need to take?** Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. **I am running an application from a software vendor on my system. What action do I need to take?** Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability **There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?** * First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Micr...

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.