The extension fails to properly sanitize user input and is susceptible to SQL Injection.
Tag: SQL Injection
ASA-2019-00186 – Magento: SQL injection due to inadequate validation of user input
An authenticated user with privileges to configure email templates can execute arbitrary SQL queries.
ASA-2019-00177 – Magento: SQL Injection vulnerability through an unauthenticated user
An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage. NOTE: This patch is not included in 2.1.17. Please apply the PRODSECBUG-2198 patch in addition to upgrading to 2.1.17.
ASA-2019-00176 – Magento: SQL Injection and Stored Cross-Site Scripting (XSS) vulnerability in Catalog section
An authenticated user can embed malicious code through a Stored Cross-Site Scripting vulnerability (XSS) or an SQL Injection vulnerability in the Catalog section by manipulating attribute_code.
ASA-2019-00036 – phpMyAdmin: SQL injection in Designer feature
A vulnerability was reported where a specially crafted username can be used to trigger an SQL injection attack through the designer feature.
ASA-2018-00050 – PostgreSQL: SQL injection via pg_upgrade and pg_dump
Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pg_upgrade on the database or during a pg_dump dump/restore cycle. This attack requires the CREATE privilege on some non-temporary schema or the TRIGGER privilege on a table. This is exploitable in the default PostgreSQL configuration, where all users have the CREATE privilege on the public schema.
ASA-2018-00025 – Ruby gem mysql-binuuid-rails: SQL Injection
mysql-binuuid-rails uses a data type that is derived from the base Binary type, except that it doesn't convert the value to hex. Instead, it assumes the string value provided is a valid hex string and doesn't do any checks on it. ActiveRecord does not explicitly escape the Binary data type (Type::Binary::Data) for mysql. The escaping is implicit, as the Binary data type always converts its value to a hex string for ActiveRecord to use.