A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql i…
[github.com/square/squalor] Squalor SQL Injection vulnerability
A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The name of the patch is f6f0a47cc34471104…
[github.com/elgs/gosqljson] gosqljson SQL Injection vulnerability
A vulnerability, which was classified as critical, has been found in elgs gosqljson. This issue affects the function QueryDbToArray/QueryDbToMap/ExecDb of the file gosqljson.go. The manipulation of the argument sqlStatement leads to sql injection. The …
[kelvinmo/simplexrd] kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1….
[com.anrisoftware.globalpom:globalpomutils] globalpom-utils has Insecure Temporary File
A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/…
[himiklab/yii2-jqgrid-widget] himiklab yii2-jqgrid-widget vulnerable to SQL Injection
A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading…
[github.com/KubeOperator/kubepi] KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys
Summary
The jwt authentication function of kubepi <= v1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any onlin…
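The mechanism behind this advisory, shown as an added example that is not KubePi's code and uses no value from the project: an HS256 JWT is only as secret as its signing key, so a key compiled into the binary lets anyone who has the build mint a token the server accepts. The claim fields, the made-up `hardcodedKey` string and the `NewDeploymentKey` fix (a random per-installation secret) are assumptions for the illustration, implemented with the Go standard library rather than a JWT package.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Claims is a minimal claim set; the field names are an assumption.
type Claims struct {
	Username string `json:"username"`
	IsAdmin  bool   `json:"isAdmin"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// Sign mints an HS256 JWT over c with key.
func Sign(key []byte, c Claims) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64(mac.Sum(nil)), nil
}

// Verify checks the signature with key and returns the claims. It pins the
// algorithm to HS256 instead of trusting the header's alg field.
func Verify(key []byte, token string) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	hdr, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return c, err
	}
	var h struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdr, &h); err != nil || h.Alg != "HS256" {
		return c, errors.New("unsupported alg")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return c, err
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(mac.Sum(nil), sig) {
		return c, errors.New("bad signature")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	return c, json.Unmarshal(payload, &c)
}

// hardcodedKey stands in for a secret compiled into a released binary. The
// value is made up for this example; every deployment of such a build shares it,
// so anyone with the binary knows it.
var hardcodedKey = []byte("example-hardcoded-secret")

// NewDeploymentKey is the fix: a 32-byte random secret generated per installation
// (and persisted by the installation, which this example omits).
func NewDeploymentKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

// ForgeAccepted reports whether a token an attacker minted with the key from the
// public build is accepted by a server that verifies with serverKey.
func ForgeAccepted(serverKey []byte) bool {
	forged, err := Sign(hardcodedKey, Claims{Username: "admin", IsAdmin: true})
	if err != nil {
		return false
	}
	c, err := Verify(serverKey, forged)
	return err == nil && c.IsAdmin
}

func main() {
	fmt.Println("shared hard-coded key, forged admin token accepted:", ForgeAccepted(hardcodedKey))
	k, _ := NewDeploymentKey()
	fmt.Println("per-deployment key, forged admin token accepted:", ForgeAccepted(k))
}
```

When checking a deployment, the test is the same as the code's: sign an admin token with the key taken from the published build and see whether the instance honours it. Rotating to a random per-installation key invalidates both forged and legitimately issued tokens, so users must log in again after the upgrade.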
[org.xwiki.contrib:application-ckeditor-ui] XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery
Impact
The CKEditor.HTMLConverter document lacked protection against Cross-Site Request Forgery (CSRF), allowing macros to be executed with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET requ…
[dbrisinajumi/d2files] DBRisinajumi d2files SQL Injection vulnerability
A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Up…
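Several entries above share one root cause: a request parameter (the `sort`/`id` arguments of the PaginationServiceProvider demo, the search options the yii2-jqgrid-widget expands in `addSearchOptionsRecursively`, a raw `sqlStatement` passed to gosqljson, the d2files upload and download actions) ends up inside the SQL text. The following is an added example, not code from any of those projects, written in Go with only the standard library and with a made-up `items` table. It places the vulnerable concatenation next to the hardened builder and makes the point a practitioner needs for sort and search parameters: values are bound with placeholders, but identifiers such as the ORDER BY column and direction cannot be bound, so they must come from an allowlist.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// allowedSortColumns maps the sort keys a client may send to real column
// names. The table and column names are assumptions for this example.
var allowedSortColumns = map[string]string{
	"id":      "id",
	"name":    "name",
	"created": "created_at",
}

var (
	ErrBadSort   = errors.New("sort column not in allowlist")
	ErrBadDir    = errors.New("sort direction must be asc or desc")
	ErrBadPaging = errors.New("limit must be 1..100 and offset >= 0")
)

// VulnerableListQuery reproduces the pattern the advisories describe: request
// parameters pasted straight into the statement, ORDER BY included.
func VulnerableListQuery(search, sort, dir string) string {
	q := "SELECT id, name, created_at FROM items"
	if search != "" {
		q += " WHERE name LIKE '%" + search + "%'"
	}
	return q + " ORDER BY " + sort + " " + dir
}

// likeEscaper neutralises LIKE metacharacters inside a bound search value so a
// user-supplied "%" or "_" cannot widen the match; the statement declares
// backslash as the ESCAPE character so this does not depend on the dialect.
var likeEscaper = strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`)

// BuildListQuery returns a statement with ? placeholders plus its argument
// list. Values (search text, limit, offset) are left to the driver to bind;
// identifiers (sort column, direction) are resolved through the allowlist and
// never copied from the request.
func BuildListQuery(search, sort, dir string, limit, offset int) (string, []interface{}, error) {
	col, ok := allowedSortColumns[strings.ToLower(sort)]
	if !ok {
		return "", nil, ErrBadSort
	}
	var order string
	switch strings.ToLower(dir) {
	case "asc":
		order = "ASC"
	case "desc":
		order = "DESC"
	default:
		return "", nil, ErrBadDir
	}
	if limit < 1 || limit > 100 || offset < 0 {
		return "", nil, ErrBadPaging
	}
	var sb strings.Builder
	var args []interface{}
	sb.WriteString("SELECT id, name, created_at FROM items")
	if search != "" {
		sb.WriteString(` WHERE name LIKE ? ESCAPE '\'`)
		args = append(args, "%"+likeEscaper.Replace(search)+"%")
	}
	fmt.Fprintf(&sb, " ORDER BY %s %s LIMIT ? OFFSET ?", col, order)
	args = append(args, limit, offset)
	return sb.String(), args, nil
}

func main() {
	payload := "id; DROP TABLE items--"
	fmt.Println("vulnerable:", VulnerableListQuery("", payload, "asc"))
	_, _, err := BuildListQuery("", payload, "asc", 10, 0)
	fmt.Println("hardened:", err)
	q, args, _ := BuildListQuery("50%", "created", "desc", 20, 40)
	fmt.Println("hardened:", q, args)
}
```

The returned statement and argument slice are what you hand to `database/sql`'s `QueryContext`, which is why the builder never executes anything itself. The same split applies when reviewing code like the entries above: any request-derived token that lands in the SQL string rather than in the argument list is a finding, and for column names the only safe fix is a fixed mapping, not escaping.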