
1196 matches found

Cvelist
added 2023/03/08 12:00 a.m. · 14 views

CVE-2023-24773

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list...

AI score 10 · EPSS 0.00741
Exploits 1 · References 1
Vulnrichment
added 2023/03/08 12:00 a.m. · 8 views

CVE-2023-24782

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit...

AI score 8.5 · EPSS 0.00741
Exploits 1 · References 1
CNNVD
added 2023/03/08 12:00 a.m. · 3 views

FunAdmin SQL injection vulnerability

FunAdmin is an open source, lightweight, high-profile back-end development system based on ThinkPHP6+Layui. FunAdmin version 3.2.0 has a security vulnerability that stems from /databases/database/list, which was found, through the id parameter, to contain SQL injecti...

CVSS 9.8 · AI score 8.5 · EPSS 0.00741
Exploits 1 · References 2
CVE
added 2023/03/08 12:00 a.m. · 71 views

CVE-2023-24782

CVE-2023-24782 corresponds to a SQL injection vulnerability in Funadmin v3.2.0. The flaw is exploitable via the id parameter on the /databases/database/edit endpoint, allowing unauthorized access/manipulation of database content. The CVSS v3.1 metrics show a CRITICAL base score of 9.8 (Network ac...

CVSS 9.8 · AI score 9.8 · EPSS 0.00741
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2023/03/08 12:00 a.m. · 17 views

CVE-2023-24782

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit...

AI score 10 · EPSS 0.00741
Exploits 1 · References 1
Positive Technologies
added 2023/03/08 12:00 a.m. · 4 views

PT-2023-19772 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: Funadmin version 3.2.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/databases/database/list" API endpoint. Recommendations: For Funadmin version 3.2.0,...

CVSS 9.8 · AI score 9.4 · EPSS 0.00741
Exploits 1 · References 7
CNNVD
added 2023/03/08 12:00 a.m. · 3 views

FunAdmin SQL injection vulnerability

FunAdmin is an open source, lightweight, high-profile back-end development system based on ThinkPHP6+Layui. FunAdmin version 3.2.0 has a security vulnerability that stems from the id parameter at databases/table/columns, which was found to contain SQL injection...

CVSS 9.8 · AI score 8.6 · EPSS 0.00814
Exploits 2 · References 2
CVE
added 2023/03/08 12:00 a.m. · 60 views

CVE-2023-24773

CVE-2023-24773 affects Funadmin v3.2.0. The vulnerability is a SQL injection in the id parameter of the /databases/database/list endpoint. Public summaries consistently describe it as a high-severity issue (CVSS v3.1: 9.8, CRITICAL) with network attack vector, no authentication, and impact to con...

CVSS 9.8 · AI score 9.8 · EPSS 0.00741
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2023/03/07 12:00 a.m. · 8 views

CVE-2023-24780

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns...

AI score 8.5 · EPSS 0.00814
Exploits 2 · References 1
Spring Security Advisories
added 2023/03/07 12:00 a.m. · 12 views

This Week in Spring - March 7th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's an amazing week, and this week we've got a lot to look at. Let's dive right into it. Spring Cloud Function for Azure Function Spring Data 2022.0.3 and 2021.2.9 released Spring R2DBC for Reactive Relational Databases in...

Exploits 0
Cvelist
added 2023/03/07 12:00 a.m. · 17 views

CVE-2023-24780

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns...

AI score 10 · EPSS 0.00814
Exploits 2 · References 1
Malwarebytes
added 2023/02/23 3:00 a.m. · 15 views

DNA testing company fined after customer data theft

DNA Diagnostics Center (DDC), an Ohio-based private DNA testing company, last week reached a settlement deal with the Ohio and Pennsylvania state attorneys general in relation to a 2021 breach that saw the theft of 45,000 residents' personal details. Overall the attack compromised over 2.1 million...

AI score 0.5
Exploits 0
Fedora
added 2023/02/17 1:34 a.m. · 16 views

[SECURITY] Fedora 36 Update: phpMyAdmin-5.2.1-1.fc36

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and i...

AI score 8
Exploits 0
The Hacker News
added 2023/02/16 11:12 a.m. · 2 views

Breaking the Security "Black Box" in DBs, Data Warehouses and Data Lakes

Security teams typically have great visibility over most areas, for example, the corporate network, endpoints, servers, and cloud infrastructure. They use this visibility to enforce the necessary security and compliance requirements. However, this is not the case when it comes to sensitive data...

AI score 7.3
Exploits 0
SUSE CVE
added 2023/02/15 6:20 a.m. · 1 view

SUSE CVE-2004-0957

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities...

CVSS 6.8 · AI score 6.6 · EPSS 0.02425
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 6:16 a.m. · 3 views

SUSE CVE-2005-4591

Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap...

CVSS 7.5 · AI score 8.3 · EPSS 0.05385
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 5:45 a.m. · 4 views

SUSE CVE-2012-3441

The database creation script module/idoutils/db/scripts/createmysqldb.sh in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors...

CVSS 7.5 · AI score 6.8 · EPSS 0.02409
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 5:43 a.m. · 2 views

SUSE CVE-2012-5578

Python keyring has insecure permissions on new databases allowing world-readable files to be created...

CVSS 6.2 · AI score 7 · EPSS 0.0045
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 5:41 a.m. · 2 views

SUSE CVE-2013-0880

Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases...

CVSS 7.5 · AI score 9.6 · EPSS 0.01205
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:28 a.m. · 3 views

SUSE CVE-2018-9327

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB)...

CVSS 8.1 · AI score 8.5 · EPSS 0.0158
Exploits 0 · References 3