A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

Vulnerable versions: All prior to v7.6.

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg\_dump and pg\_restore. The utility is executed by the server to determine what PostgreSQL version it is from.

Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, which could allow an authenticated user to run arbitrary commands on the server. Users can use the commands as filenames and check for validating the path using the API. This would inject the command in the path validator and execute the command on the pgAdmin server.

This issue does not affect users running pgAdmin in desktop mode.

The pgAdmin project thanks Stefan Grönke <gronke@radicallyopensecurity.com\> for reporting this issue.

CVE-2023-5002: Remote command Execution by an Authenticated user in pgAdmin 4 · Issue #6763 · pgadmin-org/pgadmin4

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-4716: class-mla-shortcode-support.php in media-library-assistant/trunk/includes – WordPress Plugin Repository

FUXA <= 1.1.12 is vulnerable to SQL Injection via `/api/signin`.

**FUXA SQL Injection vulnerability**

Moderate severity GitHub Reviewed Published Sep 22, 2023 to the GitHub Advisory Database • Updated Sep 22, 2023

GHSA-p46g-8c3q-89p2: FUXA SQL Injection vulnerability

A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.

GHSA-v9q5-9crp-92f9: FUXA SQL Injection vulnerability

FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**1** branch **0** tags

Code

*   Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

**CVE-2023-31719**

Its possible do inject SQL code into the JSON parameter "username" from the endpoint /api/signin via HTTP POST request

{"username":"test' OR 2891=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2))))-- ZJMj","password":"test"}

Name Affected product: FUXA

Version affected: <= 1.1.12

Problem: SQL Injection

Description: Its possible do inject SQL code into the JSON parameter "username" from the endpoint /api/signin via HTTP POST request

CVE-2023-31719: GitHub - MateusTesser/CVE-2023-31719

CVE-2023-31717

SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector.

**IMPORTANT NOTICE**: DO NOT REPORT VULNERABILITIES SOLELY TO THE AUTHOR OR MARKETPLACE.

We urge you to report any vulnerabilities directly to us. Our mission is to ensure the safety and security of the PrestaShop ecosystem. Unfortunately, many module developers may not always recognize or acknowledge the vulnerabilities in their code, whether due to lack of awareness, or inability to properly evaluate the associated risk, or other reasons.

Given the rise in professional cybercrime networks actively seeking out these vulnerabilities, it's crucial that any potential threats are promptly addressed and the community is informed. The most effective method to do this is by publishing a CVE, like the one provided below.

Should you discover any vulnerabilities, **please report them to us at: report\[@\]security-presta.org**.

Every vulnerability report helps make the community more secure, and we are profoundly grateful for any information shared with us.

In the module “Opart Faq” (opartfaq) up to version 1.0.3 from Opart for PrestaShop, a guest can perform SQL injection in affected versions.

**Summary**

*   **CVE ID**: CVE-2023-34576
*   **Published at**: 2023-09-19
*   **Platform**: PrestaShop
*   **Product**: opartfaq
*   **Impacted release**: <= 1.0.3 (1.0.4 fixed the vulnerability - WARNING : NO SEMVER VERSIONNING BEFORE 2018 - SEE NOTE BELOW)
*   **Product author**: Opart
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

The ajax script updatepos.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.

Note : We didn’t do semver versionning before 2018 - so consider all versions which matched this pattern : XX-XX-XX to be updated without delay.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Obtain admin access
*   Remove data from the associated PrestaShop
*   Copy/paste data from sensitive tables to FRONT to expose tokens and unlock admins’s ajax scripts
*   Rewrite SMTP settings to hijack emails

**Patch from 1.0.3**

    --- 1.0.3/modules/opartfaq/updatepost.php
    +++ 1.0.4/modules/opartfaq/updatepost.php
    ...
    	Db::getInstance()->update('opartfaq_questions_products', array(
    -			'position' => $value
    +			'position' => (int) $value
    -	),'id_product='.$_POST['opartFaqIdProductPos'].' AND id_opartfaq_questions='.$key);
    +	),'id_product='. (int) $_POST['opartFaqIdProductPos'].' AND id_opartfaq_questions='. (int) $key);
    

**Other recommendations**

*   It’s recommended to upgrade to the latest version of the module **opartfaq**.
*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”) - be warned that this functionality **WILL NOT** protect your SHOP against injection SQL which uses the UNION clause to steal data.
*   Change the default database prefix ps_ with a new longer, arbitrary prefix. Nevertheless, be warned that this is useless against blackhats with DBA senior skills because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against this set of rules.

**Timeline**

Date

Action

2023-05-24

Issue discovered during a code review by TouchWeb.fr

2023-05-24

Contact Author to confirm version scope

2023-05-24

Author confirms versions scope

2023-05-24

Request CVE ID

2023-09-05

Received CVE ID

2023-09-19

Publish this security advisory

Opart thanks TouchWeb for its courtesy and its help after the vulnerability disclosure.

**Links**

*   Author product page
*   National Vulnerability Database

**DISCLAIMER:** _The French Association Friends Of Presta (FOP) acts as an intermediary to help hosting this advisory. While we strive to ensure the information and advice provided are accurate, FOP cannot be held liable for any consequences arising from reported vulnerabilities or any subsequent actions taken._

CVE-2023-34576: [CVE-2023-34576] Improper neutralization of SQL parameter in Opart Faq for PrestaShop

Dreamer CMS 4.1.3 is vulnerable to SQL Injection.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-42279: -Vulnerability-recurrence-sorting/sqlattack-en.pdf at main · zaizainani/-Vulnerability-recurrence-sorting

SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method.

**IMPORTANT NOTICE**: DO NOT REPORT VULNERABILITIES SOLELY TO THE AUTHOR OR MARKETPLACE.

We urge you to report any vulnerabilities directly to us. Our mission is to ensure the safety and security of the PrestaShop ecosystem. Unfortunately, many module developers may not always recognize or acknowledge the vulnerabilities in their code, whether due to lack of awareness, or inability to properly evaluate the associated risk, or other reasons.

Given the rise in professional cybercrime networks actively seeking out these vulnerabilities, it's crucial that any potential threats are promptly addressed and the community is informed. The most effective method to do this is by publishing a CVE, like the one provided below.

Should you discover any vulnerabilities, **please report them to us at: report\[@\]security-presta.org**.

Every vulnerability report helps make the community more secure, and we are profoundly grateful for any information shared with us.

In the module “Opart planned popup” (opartplannedpopup) up to version 1.4.11 from Opart for PrestaShop, a guest can perform SQL injection in affected versions.

**Summary**

*   **CVE ID**: CVE-2023-34577
*   **Published at**: 2023-09-19
*   **Platform**: PrestaShop
*   **Product**: opartplannedpopup
*   **Impacted release**: <= 1.4.11 (1.4.12 fixed the vulnerability)
*   **Product author**: Opart
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

Methods OpartPlannedPopupModuleFrontController::prepareHook() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

This exploit uses a PrestaShop specific controller and most attackers can conceal this controller’s path during the exploit, so you will never know within your conventional frontend logs that it exploits this vulnerability. **You will only see “POST /” inside your conventional frontend logs.** Activating the AuditEngine of mod\_security (or similar) is the only way to get data to confirm this exploit.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Obtain admin access
*   Remove data on the associated PrestaShop
*   Copy/past datas from sensibles tables to FRONT to exposed tokens and unlock admins’s ajax scripts
*   Rewrite SMTP settings to hijacked emails

**Patch from 1.4.11**

    --- 1.4.11/modules/opartplannedpopup/opartplannedpopup.php
    +++ 1.4.12/modules/opartplannedpopup/opartplannedpopup.php
    ...
    private function prepareHook()
    	{
    		$where = '';
    
    		if (get_class($this->context->controller) == 'OrderController')
    		{
                if (Tools::getIsset('step')) {
                    $current_step = Tools::getValue('step');
                } else {
                    $current_step = 0;
                }
    -			$where = 'p.display_order="" OR (p.display_order LIKE "'.$current_step.'" OR ';
    +			$where = 'p.display_order="" OR (p.display_order LIKE "'.(int)$current_step.'" OR ';
    -			$where .= 'p.display_order LIKE "'.$current_step.',%" OR p.display_order LIKE "%,'.$current_step.',%" OR ';
    +			$where .= 'p.display_order LIKE "'.(int)$current_step.',%" OR p.display_order LIKE "%,'.(int)$current_step.',%" OR ';
    -			$where .= 'p.display_order LIKE "%,'.$current_step.'")';
    +			$where .= 'p.display_order LIKE "%,'.(int)$current_step.'")';
    		}
    

**Other recommandations**

*   It’s recommended to upgrade to the latest version of the module **opartplannedpopup**.
*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”)
*   Change the default database prefix ps_ by a new longer arbitrary prefix. Nethertheless, be warned that this is useless against blackhat with DBA senior skilled because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against these set of rules.

**Timeline**

Date

Action

2022-10-04

Issue discovered during a code review by TouchWeb.fr

2022-10-04

Contact Author to confirm version scope

2022-10-04

Author confirm versions scope

2023-05-24

Request CVE ID

2023-09-05

Received CVE ID

2023-09-19

Publish this security advisory

Opart thanks TouchWeb.fr and Creabilis.com for their courtesies and their help after the vulnerability disclosure.

**Links**

*   Author product page
*   National Vulnerability Database

**DISCLAIMER:** _The French Association Friends Of Presta (FOP) acts as an intermediary to help hosting this advisory. While we strive to ensure the information and advice provided are accurate, FOP cannot be held liable for any consequences arising from reported vulnerabilities or any subsequent actions taken._

CVE-2023-34577: [CVE-2023-34577] Improper neutralization of SQL parameter in Opart Planned popup for PrestaShop

Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app.

**Description**

**Impact**

On the People Page of LMS, there was an SQL Injection vulnerability.

**Patches**

The issue has been fixed. Users won't face this issue if they are using the latest main branch of the app.

This issue was reported by Muztahidul Islam Tanim - muztahidul@gmail.com

Tag

#sql