

Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary value that is used to replace the clientIp variable (without sanitization). A client can thus inject multiple arguments into the session startup. Systems that do not use the clientIP variable in the configuration are not vulnerable.

So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id, manu_value_id, opt_value_id, and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data.

Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default, and the attacker would require that this plugin be enabled to exploit the vulnerability. When the SAML 2.0 plugin is enabled in affected versions of Apache CloudStack, it could potentially allow the exploitation of XXE vulnerabilities. The SAML 2.0 messages constructed during the authentication flow in Apache CloudStack are XML-based, and the XML data is parsed by various standard libraries that are now understood to be vulnerable to XXE injection attacks such as arbitrary file reading, possible denial of service, and server-side request forgery (SSRF) on the CloudStack management server.

A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.

In JetBrains TeamCity before 2022.04.2, build parameter injection was possible.

PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.
