6 matches found
Drizzle ORM has SQL injection via improperly escaped SQL identifiers
Summary: Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or backticks. As a result, applications that pass attacker-controlled...
SingleStore: 2FA bypass possible on https://authsvc.singlestore.com
A vulnerability was discovered that allowed the 2FA authentication mechanism to be bypassed completely. An attacker could access the victim's account by only knowing the email address and password, without requiring the 2FA code...
Workspace App for Windows appears for AllAccount although only one store is configured
Citrix Workspace App for Windows appears for all accounts although only one store is configured. Workspace App should appear like this if only one store is configured...
jeecms JSPGOU single-store version v6.0 has multiple stored cross-site scripting vulnerabilities
JSPGOU is e-commerce management software developed with Java technology. There are multiple stored cross-site scripting vulnerabilities in jeecms JSPGOU Single Store Edition v6.0. Because front-end input filtering is not strict and the source of background operations is not verified, allowin...
DSShop open source single store mall system V1.5 has an arbitrary file deletion vulnerability
DSShop is a single store mall system developed on the ThinkPHP5 framework, with full support for PC, WAP, microblogging and other terminal equipment. It is designed as a solution that lets business users adapt to the entire business model and can fully meet operational needs. DSShop open sour...
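XDcms food-ordering website system, single-store edition: injection (demo test)
Brief description: as in the title. Detailed description: black-box demo test. First register a user, then edit the user profile at http://dd.xdcms.cn/index.php?m=member&f=edit. After the edit is complete, place a food order. Then an error is raised. Second-order injection. Because the demo is protected by SafeDog, I did not test any further. Proof of vulnerability:...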