ASA-2019-00176 – Magento: SQL Injection and Stored Cross-Site Scripting (XSS) vulnerability in Catalog section

An authenticated user can embed malicious code through a Stored Cross-Site Scripting vulnerability (XSS) or an SQL Injection vulnerability in the Catalog section by manipulating attribute_code.

ASA-2018-00050 – PostgreSQL: SQL injection via pg_upgrade and pg_dump

Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pg_upgrade on the database or during a pg_dump dump/restore cycle. This attack requires the CREATE privilege on some non-temporary schema or the TRIGGER privilege on a table. It is exploitable in the default PostgreSQL configuration, where all users have the CREATE privilege on the public schema.

ASA-2018-00025 – Ruby gem mysql-binuuid-rails: SQL Injection

mysql-binuuid-rails uses a data type derived from the base Binary type, except that it doesn't convert the value to hex. Instead, it assumes the string value provided is a valid hex string and performs no checks on it. ActiveRecord does not explicitly escape the Binary data type (Type::Binary::Data) for MySQL. The escaping is implicit, because the Binary data type always converts its value to a hex string for ActiveRecord to use.
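
The difference between implicit escaping by hex conversion and a type that trusts its input can be shown without Rails. The following is an added illustration, not code from mysql-binuuid-rails or ActiveRecord; the function names, the `x'...'` literal helper and both sample values are assumptions constructed for the example.

```ruby
# Added illustration: all names here are hypothetical, not the gem's own code.

# Canonical UUID, with or without dashes (\h matches one hex digit).
UUID_RE = /\A\h{8}-?\h{4}-?\h{4}-?\h{4}-?\h{12}\z/

# Constructed sample values.
VALID_UUID = "3e4f7a10-9c2b-4d1e-8f6a-0b1c2d3e4f50"
NOT_HEX    = "00' OR '1'='1"

# Renders a hex string as a MySQL-style hex literal.
def hex_literal(hex)
  "x'#{hex}'"
end

# Base Binary behaviour as described above: every byte is converted to hex,
# so the literal can only ever contain [0-9a-f], whatever the input was.
def serialize_binary(value)
  hex_literal(value.to_s.unpack1("H*"))
end

# Derived-type behaviour as described above: the value is assumed to be
# hex already and is placed in the literal without any check.
def serialize_uuid_unchecked(value)
  hex_literal(value.to_s.delete("-"))
end

# Hardened variant: anything that is not a UUID is rejected before a
# literal is built, restoring the guarantee the hex conversion gave.
def serialize_uuid_checked(value)
  str = value.to_s
  raise ArgumentError, "not a valid UUID" unless UUID_RE.match?(str)
  hex_literal(str.delete("-").downcase)
end

if __FILE__ == $PROGRAM_NAME
  puts serialize_binary(NOT_HEX)          # quote characters become hex digits
  puts serialize_uuid_unchecked(NOT_HEX)  # quote characters survive into the SQL
  puts serialize_uuid_checked(VALID_UUID)
  begin
    serialize_uuid_checked(NOT_HEX)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```
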