Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php.

CVE-2022-34945

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php.

CVE-2022-34946

PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.

CVE-2022-35118: AARO-Bugs/AARO-CVE-List.md at master · Accenture/AARO-Bugs

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.

@@ -25,6 +25,14 @@

\*/

class Smarty\_CacheResource\_Mysql extends Smarty\_CacheResource\_Custom

{

/\*\* @var PhpEncryption \*/

private $phpEncryption;

  

public function \_\_construct()

{

$this\->phpEncryption = new PhpEncryption(\_NEW\_COOKIE\_KEY\_);

}

  

/\*\*

\* fetch cached content and its modification time from data source.

\*

@@ -39,7 +47,7 @@ protected function fetch($id, $name, $cache\_id, $compile\_id, &$content, &$mtime)

{

$row = Db::getInstance()->getRow('SELECT modified, content FROM ' . \_DB\_PREFIX\_ . 'smarty\_cache WHERE id\_smarty\_cache = "' . pSQL($id, true) . '"');

if ($row) {

$content = $row\['content'\];

$content = $this\->phpEncryption\->decrypt($row\['content'\]);

$mtime = strtotime($row\['modified'\]);

} else {

$content = null;

@@ -87,7 +95,7 @@ protected function save($id, $name, $cache\_id, $compile\_id, $exp\_time, $content)

"' . pSQL($id, true) . '",

"' . pSQL(sha1($name)) . '",

"' . pSQL($cache\_id, true) . '",

"' . pSQL($content, true) . '"

"' . $this\->phpEncryption\->encrypt($content) . '"

)');

  

return (bool) Db::getInstance()->Affected\_Rows();

CVE-2022-31181: Merge pull request from GHSA-hrgx-p36p-89q4 · PrestaShop/PrestaShop@b6d96e7

CodeIgniter CMS version 4.2.0 suffers from a remote SQL injection vulnerability.

    [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]                                                                                      [+]Exploit Title    : CodeIgniter CMS Version 4.2.0  Sql Injection Vulnerability                         [+]                                                                                         [+]Exploit Author   : E1.Coders                                           [+]                                                                                          [+]Vendor Homepage  : https://www.codeigniter.com/                                       [+]                                                                                       [+]Google Dork ONE  : searchResult/?title=[+]    [+]Google Dork Two  : Job/searchResult/?title=  [+]                                                                                     [+]Date             : 15 / 05 / 2022                                                                [+]                                                                                     [+]Tested On        : windows + linux                                              [+]                                                                                        [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~>DESCRITION   <~ ~ ~ [+] [+] CodeIgniter CMS suffers from a remote SQL injection vulnerability. [+] "codeigniter vulnerability ::$DATA view source code"[+] Note that this find contains information about the site.[+] CodeIgniter CMS SQL injection vulnerabilities were found and confirmed in the software as an anonymous user.[+] A successful attack could allow an unknown attacker to access information such as username and password hashes stored in the database.[+] The following URLs and parameters have been confirmed to suffer from SQL injection.                                                                                        [+] [+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~>  Location   <~ ~ ~                           [+] SQL ERROR Location                                                                                        [+] http://www.site.com/Job/searchResult/?title=[SQL]                                              [+] [+]~ ~ ~~ ~ ~~  ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~ ~~ ~>   DEMO      <~ ~ ~                       [+][+][+] ERROR : https://[removed].com/Job/searchResult/?title=123%27[+][+] ERROR : https://[removed].com/Job/city/%D8%A7%D8%B3%D8%AA%D8%AE%D8%AF%D8%A7%D9%85-%D9%85%D8%B4%D9%87%D8%AF'  (OR= or ==)[+][+] ERROR : https://[removed].ir/?per_page=400%2[+][+] ERROR : https://[removed].ir/Job/search/NULL/%D8%A2%D8%A8%D8%A7%D8%AF%D8%A7%D9%86'/NULL/NULL/0[+] [+] ERROR : https://[removed].com/login/       (username = '  Password = ')[+][+] ERROR : https://[removed].com/search.php?search=1'[+][+] ERROR : https://[removed].com/news.php?p=7251'[+][+] ERROR : https://[removed].com/employe/show.php?cvid=14088'[+][+] ERROR : https://[removed].com/states/%D8%AA%D9%87%D8%B1%D8%A7%D9%86'[+][+] ERROR : https://[removed].com/fa/index.asp?p=search&search=1[+][+] ERROR : https://[removed].com/fa/FormView/1026'[+][+] ERROR : https://[removed].com/fa/formview/1030' [+] And Google More . . . \ .[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]  Methode Attack :[+]  [+] Step 1 : Enter the URL of the page that has the problem of sql injection attacks[+] [+] Step 2 :  Add a variable "  OR ' to the end of  the URL "request"[+] To display the PHP error related to not controlling the functions that cause the attacker to attack  '[+] [+] Step 3 :  Use sqlmap: python sqlmap.py -u "https://[removed].com/Job/searchResult/?title=123"[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] About CMS :[+] [+] Codeigniter is an open source web software framework used to build dynamic websites. [+] This framework, which is written in PHP language, [+] accelerates the development of software by coding from the beginning. This acceleration is done by the framework's libraries, [+] many of which make common tasks simple. The first public release of CodeIgniter was on February 28, 2006[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Explanation of vulnerability :[+] [+] The remote attacker can test the SQL Inject attack by injecting a 'variable' and after displaying the PHP error related to not controlling the functions that cause the SQL Inject attack[+] And the attacker can execute attacks with SQL Inject commands or execute attacks with ready tools such as Squat Map.[+] [+] All different parts of the site have this security problem[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Solution :[+] [+] [+] Use parameter input validation to be modified to prevent attacks[+] "codeigniter vulnerability ::$DATA view source code"[+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

CodeIgniter CMS 4.2.0 SQL Injection

Crime Reporting System version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Crime Reporting System - Blind SQL Injection on Login email parameter # Date: 31/07/2022# Exploit Author: saitamang# Vendor Homepage: code-projects.org# Software Link: https://download-media.code-projects.org/2020/07/Online_Crime_Reporting_System_Project_Report_IN_PHP_CSS_Js_AND_MYSQL__FREE_DOWNLOAD.zip# Version: 1.0# Tested on: Centos 7 apache2 + MySQLCrime Reporting System sustained to the attack Blind SQL Injection at the login page on email parameter.# Payload used --> 'or sleep(5)#

Crime Reporting System 1.0 SQL Injection

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection

CVE-2022-1950

Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role.

CVE

Vulnerability description

Publication Date

Solution

Assigner CNA

Reported By:

CVE-2022-2059

In Pandora FMS v7.0NG.761 and below, in the agent creation section, the **alias** parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.

14-06-2022

This vulnerability has been solved in the 762 version of Pandora FMS.

Ártica PFMS

External analysis

CVE-2022-2032

In Pandora FMS v7.0NG.761 and below, in the file manager section, the **dirname** parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.

14-06-2022

This vulnerability has been solved in the 762 version of Pandora FMS.

Ártica PFMS

External analysis

CVE-2022-1648

Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege.

13-05-2022

This vulnerability has been solved in the 761 version of Pandora FMS.

Ártica PFMS

External analysis

CVE-2022-26310

Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user.

13-05-2022

This vulnerability has been solved in the 761 version of Pandora FMS.

Ártica PFMS

External analysis

CVE-2022-26309

Pandora FMS v7.0NG.760 and below allows a Cross-Site Request Forgery in Bulk operation (User operation) resulting in an elevation of privilege to Administrator group.

13-05-2022

This vulnerability has been solved in the 761 version of Pandora FMS.

Ártica PFMS

External analysis

CVE-2022-26308

Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role.

13-05-2022

This vulnerability has been solved in the 761 version of Pandora FMS.

Ártica PFMS

External analysis

CVE-2021-46681

There is an XSS vulnerability in Pandora FMS version 756 and below, which allows an attacker to execute javascript code through the **massive operation** name field.

21-02-2022

This vulnerability has been solved in the 757 version of Pandora FMS.

Ártica PFMS

Internal analysis

CVE-2021-46680

There is an XSS vulnerability in Pandora FMS version 756 and below, which allows an attacker to execute javascript code through the **module form** name field.

21-02-2022

This vulnerability has been solved in the 757 version of Pandora FMS.

Ártica PFMS

Internal analysis

CVE-2021-46679

There is an XSS vulnerability in Pandora FMS version 756 and below, which allows an attacker to execute javascript code through **service elements**.

21-02-2022

This vulnerability has been solved in the 757 version of Pandora FMS.

Ártica PFMS

Internal analysis

CVE-2021-46678

There is an XSS vulnerability in Pandora FMS version 756 and below, which allows an attacker to execute javascript code through the **service** name field.

21-02-2022

This vulnerability has been solved in the 757 version of Pandora FMS.

Ártica PFMS

Internal analysis

CVE-2021-46677

There is an XSS vulnerability in Pandora FMS version 756 and below, which allows an attacker to execute javascript code through the **event filter** name field.

21-02-2022

This vulnerability has been solved in the 757 version of Pandora FMS.

Ártica PFMS

Internal analysis

CVE-2021-46676

There is an XSS vulnerability in Pandora FMS version 756 and below, which allows an attacker to execute javascript code through the **transactional maps** name field.

21-02-2022

This vulnerability has been solved in the 757 version of Pandora FMS.

Ártica PFMS

Internal analysis

CVE-2022-0507

Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL.

10-02-2022

This vulnerability has been solved in the 760 version of Pandora FMS.

Ártica PFMS

\-

CVE-2022-26308: Coordinated CVEs

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods
* CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse


RHSA-2022:5779: Red Hat Security Advisory: ruby:2.5 security update

Categories: A week in security
Tags: backdoor

Tags: blog recap

Tags: bytedance

Tags: cookies

Tags: data breach

Tags: Google

Tags: linux

Tags: microsoft

Tags: ransomware

Tags: SQL injection

Tags: T-Mobile

Tags: tiktok

Tags: Uber

Tags: week in security

The most important and interesting computer security stories from the last week.



(Read more...)




The post A week in security (July 25 - July 31) appeared first on Malwarebytes Labs.

twitter

facebook

linkedin

Youtube

instagram

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

Privacy VPN

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

Tag

#sql