30,000 WordPress Sites affected by Arbitrary SQL Execution Vulnerability Patched in Visualizer WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On April 10th, 2024, during our second Bug Bounty Extravaganza, w...

Visualizer: Tables and Charts Manager for WordPress < 3.11.0 - Missing Authorization to Arbitrary SQL Execution

Description The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for...

PT-2024-9759 · Pgadmin +2 · Pgadmin +2

Name of the Vulnerable Software and Affected Versions: pgAdmin versions = 8.5 Description: The issue exists due to the incorrect implementation of multi-factor authentication in the pgAdmin database management tool. This allows a remote attacker to gain unauthorized access to the application and...

The vulnerability in the `inc/csv.php` script of the WordPress Automatic Plugin, a content management system for WordPress websites, allows attackers to execute arbitrary SQL code.

The vulnerability in the inc/csv.php script of the WordPress Automatic Plugin, a content management system for WordPress websites, relates to the failure to protect the SQL query structure during the processing of the $q variable, as a result of the authentication mechanism being bypassed...

PT-2024-25177 · Unknown · Helloshop Deliveryorderautoupdate

Name of the Vulnerable Software and Affected Versions: Helloshop deliveryorderautoupdate versions 2.8.1 and earlier Description: The issue allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function. This enables the execution ...

Umbraco Workflow's Backoffice users can execute arbitrary SQL

Impact Backoffice users can execute arbitrary SQL. Explanation of the vulnerability A Backoffice user can modify requests to a particular API endpoint to include SQL which will be executed by the server. Affected versions All versions Patches Workflow 10.3.9, 12.2.6, 13.0.6, Plumber 10.1.2...

CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

CVE-2023-50347

HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration...

Synology Surveillance Station SQL注入漏洞

Synology Surveillance Station is an application from Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. A SQL injection vulnerability previously existed in Synology Surveillance Station version 9.2.0-11289, which stemmed fro...

ROS-20240322-03

Vulnerability of REFRESH MATERIALIZED VIEW CONCURRENTLY function of PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...

Important: Red Hat Security Advisory: postgresql security update

An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

Important: Red Hat Security Advisory: postgresql security update

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

The vulnerability of the setTermsHashAction method in the component /opt/webapp/lib/PureApi/CCApi.class.php allows a violator to execute arbitrary SQL queries within the GTB Central Console’s DLP system.

The vulnerability of the setTermsHashAction method in the /opt/webapp/lib/PureApi/CCApi.class.php file of the DLP system’s GTB Central Console relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL...

The vulnerability of the ia.core.mysqli.php component of the Intelliants Subrion CMS system allows a hacker to execute arbitrary SQL queries.

The vulnerability of the ia.core.mysqli.php component of the Intelliants Subrion CMS system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

RLSA-2024:0950 Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

RLSA-2024:0956 Important: postgresql:10 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

Important: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...