Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2023-23839: SolarWinds Platform 2023.2 Release Notes

The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.

CVE
#sql#vulnerability#web#mac#windows#auth#ssh#zero_day
GHSA-p379-cxqh-q822: SQL filter bypass leading to arbitrary write requests using "SQL Manager"

### Impact SQL filtering vulnerability, a BO user can write, update and delete in the database, even without having specific rights. ### Patches PrestaShop 8.0.4 and 1.7.8.9 will contain the patch. ### Workarounds no ### References no

CVE-2023-30839: SQL filter bypass leading to arbitrary write requests using "SQL Manager"

PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.

CVE-2021-23166: [SEC] CVE-2021-23166 - A sandboxing issue in Odoo Community 15.0 and... · Issue #107687 · odoo/odoo

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.

CVE-2023-23837: DPA 2023.2 Release Notes

No exception handling vulnerability which revealed sensitive or excessive information to users.

CVE-2023-30545: Arbitrary file read

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9

Red Hat Security Advisory 2023-1961-01

Red Hat Security Advisory 2023-1961-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a denial of service vulnerability.

Millions of Artifacts, Misconfigured Enterprise Software Registries Are Ripe for Pwning

Researchers find 250 million artifacts and 65,000 container images exposed in registries and repositories scattered across the Internet.

CVE-2023-1020

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

CVE-2023-0388

The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers.