Allele Security Intelligence

ASA-2019-00586 – TYPO3 extension URL redirect (url_redirect): SQL Injection

Posted on October 22, 2019October 22, 2019 by Allele Security Intelligence in Alerts

The extension fails to properly sanitize user input and is susceptible to SQL Injection.

ASA-2019-00186 – Magento: SQL injection due to inadequate validation of user input

Posted on April 16, 2019April 17, 2019 by Allele Security Intelligence in Alerts

An authenticated user with privileges to configure email template scan can execute arbitrary SQL queries.

ASA-2019-00177 – Magento: SQL Injection vulnerability through an unauthenticated user

Posted on April 15, 2019April 16, 2019 by Allele Security Intelligence in Alerts

An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage. NOTE: This patch is not included in 2.1.17. Please apply PRODSECBUG-2198 patch in addition to upgrade to 2.1.17.

ASA-2019-00176 – Magento: SQL Injection and Stored Cross-Site Scripting (XSS) vulnerability in Catalog section

Posted on April 15, 2019April 15, 2019 by Allele Security Intelligence in Alerts

An authenticated user can embed malicious code through a Stored Cross-Site Scripting vulnerability (XSS) or an SQL Injection vulnerability in the Catalog section by manipulating attribute_code.

ASA-2019-00036 – phpMyAdmin: SQL injection in Designer feature

Posted on January 29, 2019June 2, 2019 by Allele Security Intelligence in Alerts

A vulnerability was reported where a specially crafted username can be used to trigger an SQL injection attack through the designer feature.

ASA-2018-00050 – PostgreSQL: SQL injection via pg_upgrade and pg_dump

Posted on November 18, 2018February 1, 2019 by Allele Security Intelligence in Alerts

Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pg_upgrade on the database or during a pg_dump dump/restore cycle. This attack requires a CREATE privilege on some non-temporary schema or a TRIGGER privilege on a table. This is exploitable in the default PostgreSQL configuration, where all users have CREATE privilege on public schema.

ASA-2018-00025 – Ruby gem mysql-binuuid-rails: SQL Injection

Posted on November 3, 2018February 1, 2019 by Allele Security Intelligence in Alerts

mysql-binuuid-rails uses a data type that is derived from the base Binary type, except, it doesn’t convert the value to hex. Instead, it assumes the string value provided is a valid hex string and doesn’t do any checks on it. ActiveRecord does not explicitly escape the Binary data type (Type::Binary::Data) for mysql. The escaping is implicit as the Binary data type always converts it’s value to a hex string for ActiveRecord to use.