SQLi - Faculty Evaluation System - Cyber Security News

Read Time:21 Second

Posted by Andrey Stoykov on Jul 07

# Exploit Title: Faculty Evaluation System – SQL Injection
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 1.0
# Tested on: Windows Server 2022

SQLi #1

File: edit_evaluation

Line #4
$qry = $conn->query(“SELECT * FROM ratings where id =
“.$_GET[‘id’])->fetch_array();
[…]

SQLi #2

File: view_faculty.php

Line #4

// Add “id” parameter after “view_faculty” parameter then add equals…

gimp-2.10.38-12.fc40

FEDORA-2024-ccdbd92d7b Packages in this update: gimp-2.10.38-12.fc40 Update description: This update fixes issues with loading TGA and XCF files. Read More

December 31, 2024

Multiple vulnerabilities in CTFd versions <= 3.7.4

Posted by Blazej Adamczyk on Dec 30 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Multiple vulnerabilities in CTFd versions <= 3.7.4 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1 General information ═════════════════════......

December 31, 2024

IBMi Navigator / CVE-2024-51464 / HTTP Security Token Bypass

Posted by hyp3rlinx on Dec 30 [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_HTTP_Security_Token_Bypass-CVE-2024-51464.txt [+] x.com/hyp3rlinx...

December 31, 2024

IBMi Navigator / CVE-2024-51463 / Server Side Request Forgery (SSRF)

Posted by hyp3rlinx on Dec 30 [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_Server_Side_Request_Forgery_CVE-2024-51463.txt [+] x.com/hyp3rlinx...

December 31, 2024

PAN-OS Firewall Denial of Service (DoS) Vulnerability

What is the Vulnerability?Attackers are exploiting, a Denial-of-Service vulnerability (CVE-2024-3393) in the DNS Security feature of Palo Alto Networks PAN-OS....

December 31, 2024

golang-github-git-5-5.13.0-1.fc42

FEDORA-2024-ac5e7f9952 Packages in this update: golang-github-git-5-5.13.0-1.fc42 Update description: Automatic update for golang-github-git-5-5.13.0-1.fc42. Changelog * Tue Dec 31 2024 Mikel Olasagasti...

December 31, 2024

Gift Card Fraud

U.S. Army Soldier Arrested in AT&T, Verizon Extortions

Salt Typhoon’s Reach Continues to Grow

Majority of UK SMEs Lack Cybersecurity Policy

Happy 15th Anniversary, KrebsOnSecurity!

CISA’s 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration

Casino Players Using Hidden Cameras for Cheating

Friday Squid Blogging: Squid on Pizza

Scams Based on Fake Google Emails

SQLi – Faculty Evaluation System

gimp-2.10.38-12.fc40

Multiple vulnerabilities in CTFd versions <= 3.7.4

IBMi Navigator / CVE-2024-51464 / HTTP Security Token Bypass

IBMi Navigator / CVE-2024-51463 / Server Side Request Forgery (SSRF)

PAN-OS Firewall Denial of Service (DoS) Vulnerability

golang-github-git-5-5.13.0-1.fc42