#sql

A security update for Debezium is now available for Red Hat Integration. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41946: A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatemet.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected behavior.

Bang Resto version 1.0 suffers from multiple SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to nu11secur1ty in December of 2022.

GDidees CMS version 3.9.1 suffers from file disclosure and directory traversal vulnerabilities.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection.This issue affects Bircard: before 23.04.05.

SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and before allow a remote attacker to gain privileges via the Dispatcher::getController component.

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.

The WC Fields Factory WordPress plugin through 4.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection.This issue affects Mobile Assistant: before 21.S.2343.

Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelopers Transbank Webpay REST plugin <= 1.6.6 versions.

A vulnerability has been found in SourceCodester Judging Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_contestant.php. The manipulation of the argument contestant_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226147.