#vulnerability

cart2quote/module-quotation-encoded extension may expose a critical security vulnerability by utilizing the unserialize function when processing data from a GET request. This flaw, present in the app/code/community/Ophirah/Qquoteadv/controllers/DownloadController.php and app/code/community/Ophirah/Qquoteadv/Helper/Data.php files, poses a significant risk of Remote Code Execution, especially when custom file options are employed on a product. Attackers exploiting this vulnerability could execute arbitrary code remotely, leading to unauthorized access and potential compromise of sensitive data.

The codehighlight extension bundles a vulnerable version of the 3rd party JavaScript component “prism” which is known to be vulnerable against Regular expression Denial of Service (ReDoS).

The codehighlight extension bundles a vulnerable version of the 3rd party JavaScript component “prism” which is known to be vulnerable against Regular expression Denial of Service (ReDoS).

amphp/http versions before 1.0.1 allows an attacker to supply invalid input in the Host header which may lead to various type of Host header injection attacks.

In artax version before 1.0.6 and 2 before 2.0.6, cookies of `foo.bar.example.com` were leaked to `foo.bar`. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, but not on any public suffixes.

The encryption and decryption process were vulnerable against the Bleichenbacher's attack, which is a padding oracle vulnerability disclosed in the 98'. The issue was about the wrong padding utilized, which allowed to retrieve the encrypted content. The OPENSSL_PKCS1_PADDING version, aka PKCS v1.5 was vulnerable (is the one set by default when using openssl_* methods), while the PKCS v2.0 isn't anymore (it's also called OAEP). A fix for this vulnerability was merged at https://github.com/Cosmicist/AsymmetriCrypt/pull/5/commits/a0318cfc5022f2a7715322dba3ff91d475ace7c6.

In alterphp/easyadmin-extension-bundle, role based access rules do not handle action name case sensitivity which may lead to unauthorized access.

The ADOdb Library for PHP prior to version 5.20.11 is prone to SQL Injection vulnerability in multiple drivers.

### Impact This is a cross-site scripting vulnerability which affects every version of Mautic and could allow an attacker unauthorised administrator level access to Mautic. This vulnerability was reported by Naveen Sunkavally at Horizon3.ai. ### Patches Upgrade to 3.2.4 or 2.16.5. Link to patch for 2.x versions: https://github.com/mautic/mautic/compare/2.16.4...2.16.5.diff Link to patch for 3.x versions: https://github.com/mautic/mautic/compare/3.2.2...3.2.4.diff ### Workarounds None ### For more information If you have any questions or comments about this advisory: * Post in https://forum.mautic.org/c/support * Email us at security@mautic.org

### Impact SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that `preferQueryMode` is not a supported parameter in Redshift JDBC driver, and is inherited code from Postgres JDBC driver. Users who do not override default settings to utilize this unsupported query mode are not affected. ### Patch This issue is patched in driver version 2.1.0.28. ### Workarounds Do not use the connection property `preferQueryMode=simple`. (NOTE: If you do not explicitly specify a query mode, then you are using the default of extended query mode and are not affected by this issue.) ### References Similar to finding in Postgres JDBC: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56 If you have any questions or comments about this advisory, we a...