Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-37270: Piwigo/include/dblayer/functions_mysqli.inc.php at c01ec38bc43f09424a8d404719c35f963d63cf00 · Piwigo/Piwigo

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 30 and July 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Threat Roundup for June 30 to July 7

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code.

CVE-2023-36994: TravianZ Hacked

Users need to patch the latest SQL injection vulnerability as soon as possible. Meanwhile, Cl0p's data extortion rampage gallops on.

Yet another critical SQL injection vulnerability has been disclosed and patched in Progress Software's MOVEit Transfer software — the fourth such flaw revealed in the space of a month.

The security bug (CVE-2023-36934) is distinct from the former zero-day flaw that's being exploited with resounding success by the Cl0p ransomware gang. But like that bug, it could allow unauthenticated cyberattackers to access MOVEit Transfer databases, and from there execute malware, manipulate files, or exfiltrate information.

"An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content," according to the Progress advisory on the bug.

The flaw hasn't been exploited in the wild so far, according to the advisory — but given its severity, users are urged to patch it as soon as possible, along with two high-severity vulnerabilities (CVE-2023-36932 and CVE-2023-36933) disclosed at the same time.

The bugs affect MOVEit Transfer versions 12.1.10 and earlier, 13.0.8 and earlier, 13.1.6 and earlier, 14.0.6 and earlier, 14.1.7 and earlier, and 15.0.3 and earlier.

The other SQL vulnerabilities revealed since early June are CVE-2023-35708 and CVE-2023-35036, as well as CVE-2023-34362, which is Cl0p's target and was discovered Memorial Day weekend.

Speaking of the Cl0p campaign, the extortion gang is galloping on, claiming 200+ victims so far, including government agencies. The blast radius of the campaign has been widened by compromised third-party vendors exposing their downstream customers.

Progress said this week that it plans to release MOVEit product updates every two months from now on.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

MOVEit Transfer Faces Another Critical Data-Theft Bug

SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and KerawenHelper::resetCheckoutSessionData components.

*   Logiciel de caisse
*   Site web e-commerce
*   Pilotage de l’activité
*   Outils marketing
*   Outils de communication
*   DÉMO

Avec le **logiciel de caisse PrestaShop**, votre caisse enregistreuse dépasse les frontières physiques de votre magasin et devient le centre névralgique de votre activité. Avec le module KerAwen, vous possédez tous les outils et informations vous permettant de proposer une offre personnalisée à chacun de vos clients, mais aussi de bien gérer vos stocks. En plus, la **caisse enregistreuse** compatible Prestashop peut vous suivre partout pour renseigner votre clientèle en magasin ou réaliser un encaissement « sofa ».

Le logiciel de caisse PrestaShop Kerawen est **conforme et certifié** avec la nouvelle norme 2018.

Notre caisse Pos KerAwen est 100 % compatible avec un **site e-commerce** PrestaShop, mais elle l’est aussi avec d’autres CMS comme Shopify et WooCommerce.

_Logiciel de caisse prestashop intuitif, nomade et puissant.  
Offrez une nouvelle expérience à vos clients, réinventez le métier de vendeur._

**Module de caisse PrestaShop : un outil d’aide à la vente inédit**

*   *   *   **Comptes client** : création en quelques clics, reconnaissance des clients et visualisation immédiate de leur historique d’achats magasin, web et mobile. D’un simple clic, le vendeur peut consulter les articles vus sur son site e-commerce, la wishlist, le CA des 12 derniers mois, le panier moyen, les paniers abandonnés…

*   *   *   **Catalogue produits** : création, édition, modification et visualisation des fiches produit (prix, stocks, descriptifs, recommandations…)

*   *   *   **Marketing** : édition de _coupons promotionnels_, mise en place de programmes personnalisés de _fidélité_ et de _parrainage_

**Notre caisse PrestaShop est aussi un gestionnaire de commandes**

*   *    Notifications automatiques des commandes web sur la caisse

*   *   Gestion des commandes clients en temps réel (changement d’état et retrait en magasin)

*   *   Bientôt, la prise de commande avec choix entre retrait en magasin et livraison à domicile depuis la caisse

**Un logiciel de caisse PrestaShop lié à une technologie simple et économique**

*   *   *   **Conservez votre matériel informatique** : compatible avec les systèmes d’exploitation Windows, Mac, Linux… et avec tous les devices (ordinateurs, tablettes et téléphones mobiles), notre logiciel de caisse PrestaShop nécessite uniquement un navigateur (Firefox, Chrome, Safari, Opera). La solution KerAwen est aussi compatible avec les douchettes USB et les imprimantes supportant le protocole ESC/POS, soit la plupart des imprimantes du marché.

**Une caisse enregistreuse Prestashop avec les meilleures fonctionnalités**

Multi paiement : espèces, ticket-restaurant, carte-cadeau, carte, paiement différé…

Gestion des devis omni-canal : un devis créé en caisse peut être transformé en commande en ligne par votre client

Fidélité : compte commun au web et au magasin, transformation d’achat

Carte-cadeau omni-canal : une carte-cadeau vendue en magasin peut être utilisée sur le site ou vice versa

Ticket de caisse & facture : impression, envoi par e-mail et disponible en ligne

Remise catalogue ou vendeur (article ou panier)

Avoir : génération avec code-barres, utilisable en caisse ou en ligne, anonyme ou nominatif

Coupons : code-barres, automatique ou discrétionnaire vendeur

Clôture de caisse, dépôt et remise d’espèces

Journaux : CA, encaissement et TVA des points de fidélité en bons

Mise en attente et rappel panier

Afficheur client 2 lignes ou écran incluant photo publicité

Génération et impression des codes-barres

CVE-2023-27845: Logiciel de caisse PrestaShop, caisse enregistreuse POS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.

Expand Up

@@ -188,7 +188,7 @@ public static function addNode($code, $name, $canHaveCourses, $parent\_id)

$tree\_pos = $row\['maxTreePos'\] + 1;

  

$params = \[

'name' => $name,

'name' => html\_filter($name),

'code' => $code,

'parent\_id' => empty($parent\_id) ? null : $parent\_id,

'tree\_pos' => $tree\_pos,

Expand Down Expand Up

@@ -300,29 +300,34 @@ public static function editNode(

$tbl\_course = Database::get\_main\_table(TABLE\_MAIN\_COURSE);

$tbl\_category = Database::get\_main\_table(TABLE\_MAIN\_CATEGORY);

  

$code = trim(Database::escape\_string($code));

$name = trim(Database::escape\_string($name));

$old\_code = Database::escape\_string($old\_code);

$canHaveCourses = Database::escape\_string($canHaveCourses);

$code = CourseManager::generate\_course\_code($code);

$name = html\_filter($name);

  

$code = CourseManager::generate\_course\_code($code);

// Updating category

$sql = "UPDATE $tbl\_category SET

name='$name',

code='$code',

auth\_course\_child = '$canHaveCourses'

WHERE code = '$old\_code'";

Database::query($sql);

Database::update(

$tbl\_category,

\[

'name' => $name,

'code' => $code,

'auth\_course\_child' => $canHaveCourses,

\],

\['code = ?' => $old\_code\]

);

  

// Updating children

$sql = "UPDATE $tbl\_category SET parent\_id = '$code'

WHERE parent\_id = '$old\_code'";

Database::query($sql);

Database::update(

$tbl\_category,

\['parent\_id' => $code\],

\['parent\_id = ?' => $old\_code\]

);

  

// Updating course category

$sql = "UPDATE $tbl\_course SET category\_code = '$code'

WHERE category\_code = '$old\_code' ";

Database::query($sql);

Database::update(

$tbl\_course,

\['category\_code' => $code\],

\['category\_code = ?' => $old\_code\]

);

  

Database::update(

$tbl\_category,

Expand Down

CVE-2023-37062: Course: filter HTML when saving/updating category · chamilo/chamilo-lms@c263933

Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section.

Expand Up

@@ -195,13 +195,15 @@

  

if (isset($\_POST\['Submit'\]) && $\_POST\['Submit'\]) {

// changing the name

$name = Database::escape\_string($\_POST\['txt\_name'\]);

$name = html\_filter($\_POST\['txt\_name'\]);

$postId = (int) $\_POST\['edit\_id'\];

$sql = "UPDATE $tbl\_admin\_languages SET original\_name='$name'

WHERE id='$postId'";

$result = Database::query($sql);

Database::update(

$tbl\_admin\_languages,

\['original\_name' => $name\],

\['id = ?' => $postId\]

);

// changing the Platform language

if ($\_POST\['platformlanguage'\] && $\_POST\['platformlanguage'\] != '') {

if (isset($\_POST\['platformlanguage'\]) && $\_POST\['platformlanguage'\] != '') {

api\_set\_setting('platformLanguage', $\_POST\['platformlanguage'\], null, null, $\_configuration\['access\_url'\]);

}

} elseif (isset($\_POST\['action'\])) {

Expand Down

CVE-2023-37061: Admin: filter HTML when updating language · chamilo/chamilo-lms@75e9b3e

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.

CVE-2023-37064: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.

CVE-2023-37063: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.

Tag

#sql