
4912 matches found

CNVD
added 2022/06/08 12:0 a.m., 10 views

flatCore-CMS Cross-Site Scripting Vulnerability (CNVD-2022-46172)

flatCore-CMS is a PHP and MySQL/SQLite based web content management system (CMS). flatCore-CMS version 2.0.9 is vulnerable to a cross-site scripting (XSS) vulnerability. An attacker could use this vulnerability to inject malicious JavaScript programs, steal cookies from other users, etc...

6.1 CVSS, 1.9 AI score, 0.00678 EPSS
Exploits 1, References 1

NCSC
added 2022/06/02 12:0 a.m., 8 views

Vulnerabilities fixed in IBM QRadar SIEM

Vulnerabilities have been fixed in the IBM QRadar Data Synchronization App for IBM QRadar SIEM. The vulnerabilities are in underlying software and libraries, such as Node.js and SQLite. The vulnerabilities potentially enable a malicious person to perform attacks that result in the...

9.8 CVSS, 9.3 AI score, 0.37286 EPSS
Exploits 16

OSV
added 2022/05/24 5:44 p.m., 13 views

GHSA-J8Q9-5RP9-4MV9 Fix a use-after-free bug in diesels Sqlite backend

An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed...

9.8 CVSS, 9.4 AI score, 0.01319 EPSS
Exploits 0, References 4

Github Security Blog
added 2022/05/24 5:44 p.m., 15 views

Fix a use-after-free bug in diesels Sqlite backend

An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed...

9.8 CVSS, 2.2 AI score, 0.01319 EPSS
Exploits 0, References 4, Affected Software 1

CNVD
added 2022/05/24 12:0 a.m., 12 views

imgurl SQL injection vulnerability

imgurl is an image hosting application developed using PHP and SQLite 3. imgurl version v2.3.1 is vulnerable to SQL injection. The vulnerability originates in /upload/localhost, where the IP is spliced directly into the SQL statement, and can be exploited by attackers to cause SQL injection attacks...

6.8 CVSS, 3.4 AI score, 0.00864 EPSS
Exploits 1, Affected Software 1

CNNVD
added 2022/05/24 12:0 a.m., 3 views

imgurl SQL injection vulnerability

imgurl is an image hosting application developed using PHP and SQLite 3. imgurl version v2.3.1 is vulnerable to SQL injection. The vulnerability originates in /upload/localhost, where the IP is spliced directly into the SQL statement, and can be exploited by attackers to cause SQL injection attacks...

8.1 CVSS, 5.9 AI score, 0.00864 EPSS
Exploits 1, References 2

Rockylinux
added 2022/05/17 8:15 a.m., 13 views

new packages: sqlite

An update is available for sqlite. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...

2 AI score
Exploits 0

Rockylinux
added 2022/05/17 7:12 a.m., 12 views

new packages: perl-DBD-SQLite

An update is available for perl-DBD-SQLite. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

2.2 AI score
Exploits 0

Packet Storm
added 2022/05/17 12:0 a.m., 211 views

T-Soft E-Commerce 4 SQL Injection

Exploit Title: T-Soft E-Commerce 4 - SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux Category: WebApp Google Dork: N/A CVE: 2022-28132 Date: 18.02.2022 Description Step-1: Login as Admin or...

Exploits 0

Tenable Nessus
added 2022/05/09 12:0 a.m., 40 views

NewStart CGSL MAIN 6.02 : sqlite Multiple Vulnerabilities (NS-SA-2022-0052)

The remote NewStart CGSL host, running version MAIN 6.02, has sqlite packages installed that are affected by multiple vulnerabilities: - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434) - In SQLite before 3.32.3, select.c mishandles query-flattener...

5.5 CVSS, 7 AI score, 0.01027 EPSS
Exploits 2, References 5

Ubuntu
added 2022/05/05 10:21 a.m., 84 views

USN-5403-1: SQLite vulnerability

It was discovered that SQLite command-line component incorrectly handled certain queries. An attacker could possibly use this issue to cause a crash or possibly execute arbitrary code...

7.5 CVSS, 6.9 AI score, 0.03898 EPSS
Exploits 1

Tenable Nessus
added 2022/05/05 12:0 a.m., 25 views

Ubuntu 18.04 LTS / 20.04 LTS : SQLite vulnerability (USN-5403-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5403-1 advisory. It was discovered that SQLite command-line component incorrectly handled certain queries. An attacker could possibly use this issue to cause a crash o...

7.5 CVSS, 6.8 AI score, 0.03898 EPSS
Exploits 1, References 2

CNNVD
added 2022/05/01 12:0 a.m., 18 views

Sqlite3 security vulnerability

Sqlite is a lightweight database and ACID-compliant relational database management system. A security vulnerability exists in Sqlite3 versions prior to 5.0.3, which can be exploited by attackers to cause a denial of service (DoS) attack...

7.5 CVSS, 7.4 AI score, 0.01955 EPSS
Exploits 0, References 5

BDU FSTEC
added 2022/04/27 12:0 a.m., 3 views

The vulnerability of the PHP programming language interpreter, related to privilege management errors, allows attackers to bypass the protection mechanisms defined by open_basedir.

The vulnerability of the PHP programming language interpreter and the SQLite database management system is related to privilege management errors. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms defined by open_basedir...

5 CVSS, 7.7 AI score, 0.02978 EPSS
Exploits 1, References 11, Affected Software 2

CBLMariner
added 2022/04/26 8:17 p.m., 22 views

CVE-2021-36690 affecting package sqlite for versions less than 3.36.0-3

CVE-2021-36690 affecting package sqlite for versions less than 3.36.0-3. A patched version of the package is available...

7.5 CVSS, 7.7 AI score, 0.03898 EPSS
Exploits 1

Hacker One
added 2022/04/22 12:20 p.m., 44 views

Aiven Ltd: [Kafka Connect] [JdbcSinkConnector][HttpSinkConnector] RCE by leveraging file upload via SQLite JDBC driver and SSRF to internal Jolokia

Summary: The Aiven JDBC sink includes the SQLite JDBC Driver. This JDBC driver can be used to upload SQLite database files onto the server. The HTTP sink connector allows sending HTTP requests to localhost. There is unprotected Jolokia listening on localhost:6725. JMX exports the...

0.6 AI score
Exploits 0

CNVD
added 2022/04/22 12:0 a.m., 18 views

Google Chrome Input Validation Error Vulnerability (CNVD-2022-31839)

Google Chrome is a web browser from Google, an American company. An input validation error vulnerability exists in SQLite in versions prior to Google Chrome 74.0.3729.131. An attacker can exploit the vulnerability to corrupt the heap with the help of specially crafted HTML pages...

8.8 CVSS, 6.1 AI score, 0.01976 EPSS
Exploits 1, References 1

NVD
added 2022/04/14 10:15 p.m., 24 views

CVE-2022-24854

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...

8.8 CVSS, 0.00982 EPSS
Exploits 0, References 2

Prion
added 2022/04/14 10:15 p.m., 24 views

Design/Logic Flaw

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...

6.5 CVSS, 8.8 AI score, 0.00982 EPSS
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2022/04/14 9:40 p.m., 8 views

CVE-2022-24854 Database bypassing any permissions in Metabase via SQlite attach

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...

8 CVSS, 8.8 AI score, 0.00982 EPSS
Exploits 0, References 2