PROJET AUTOBLOG

The Hacker News

Site original : The Hacker News

⇐ retour index

Mise à jour

Mise à jour de la base de données, veuillez patienter...

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution

mercredi 28 juin 2023 à 09:24
Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. "These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements," SonarSource researcher Thomas Chauchefoin said, adding they could result in RCE on Soko because of a "misconfiguration of the database.
Error happened! 0 - count(): Argument #1 ($value) must be of type Countable|array, null given In: /var/www/ecirtam.net/autoblogs/autoblogs/autoblog.php:428 http://www.ecirtam.net/autoblogs/autoblogs/plusgooglecom108722708627977273008_4b868befb999be8d4a12cee6eafcf1d5f929d04b/?2023-07-02-Critical-SQL-Injection-Flaws-Expose-Gentoo-Soko-to-Remote-Code-Executi #0 /var/www/ecirtam.net/autoblogs/autoblogs/autoblog.php(999): VroumVroum_Blog->update() #1 /var/www/ecirtam.net/autoblogs/autoblogs/plusgooglecom108722708627977273008_4b868befb999be8d4a12cee6eafcf1d5f929d04b/index.php(1): require_once('...') #2 {main}