Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

GHSA-j3v8-v77f-fvgm: Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability

Hi, actually we have sent the bug report to security@getgrav.org on 27th March 2023 and on 10th April 2023. # Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability ## Summary: | **Product** | Grav CMS | | ----------------------- | --------------------------------------------- | | **Vendor** | Grav | | **Severity** | High - Users with login access to Grav Admin panel and page creation/update permissions are able to obtain remote code/command execution | | **Affected Versions** | <= [v1.7.40](https://github.com/getgrav/grav/tree/1.7.40) (Commit [685d762](https://github.com/getgrav/grav/commit/685d76231a057416651ed192a6a2e83720800e61)) (Latest version as of writing) | | **Tested Versions** | v1.7.40 | | **Internal Identifier** | STAR-2023-0006 | | **CVE Identifier** | R...

ghsa
Open in Source
#sql#vulnerability#web#mac#apache#js#git#php#rce
GHSA-f9jf-4cp4-4fq5: Grav Server Side Template Injection (SSTI) vulnerability

### Summary I found an RCE(Remote Code Execution) by SSTI in the admin screen. ### Details Remote Code Execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. ### PoC 1. Log in to the administrator screen and access the edit screen of the default page "Typography". (`http://127.0.0.1:8000/admin/pages/typography`) 2. Open the browser's console screen and execute the following JavaScript code to confirm that an arbitrary command (`id`) is being executed. ```js (async () => { const nonce = document.querySelector("input[name=admin-nonce]").value; const id = document.querySelector("input[name=__unique_form_id__]").value; const payload = "{{['id']|map('system')|join}}"; // SSTI Payload const params = new URLSearchParams(); params.append("task", "save"); params.append("data[header][title]", "poc"); params.append("data[content]", payload); params.append("data[folder]", "poc"); params.append("data[route]", "...

GHSA-934g-fvcc-4833: jeecg-boot SQL injection vulnerability

jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the `id` parameter of the `/jeecg-boot/jmreport/show` interface.

Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group

The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot.

Third MOVEit Transfer Vulnerability Disclosed by Progress Software

MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks continue to mount, including on government targets.

CVE-2023-34659: Unauthorized SQL injection in Jeecg3.5.0 and 3.5.1 · Issue #4976 · jeecgboot/jeecg-boot

jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.

CVE-2023-30625: fix: always use a sql safe table name in failed events manager (#2664) · rudderlabs/rudder-server@0d061ff

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.

QuickJob Portal 6.1 Cross Site Scripting

QuickJob Portal version 6.1 suffers from a cross site scripting vulnerability.

Quicklancer Freelance Marketplace 2.4 Cross Site Scripting

Quicklancer Freelance Marketplace version 2.4 suffers from a cross site scripting vulnerability.

QuickHomes Real Estate CMS 1.3 Cross Site Scripting

QuickHomes Real Estate CMS version 1.3 suffers from a cross site scripting vulnerability.