    Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution

By justmattg, June 28, 2023

Jun 28, 2023 | Ravie Lakshmanan | Endpoint Security / RCE

    Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems.

    “These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements,” SonarSource researcher Thomas Chauchefoin said, adding they could result in RCE on Soko because of a “misconfiguration of the database.”

    The two issues, which were discovered in the search feature of Soko, have been collectively tracked as CVE-2023-28424 (CVSS score: 9.1). They were addressed within 24 hours of responsible disclosure on March 17, 2023.
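To show why an ORM and prepared statements alone do not prevent this class of bug, here is an added Go example (not Soko's code, and not from SonarSource's write-up): a hypothetical search query builder in its vulnerable form, where user input is formatted into the SQL text before the statement is prepared, beside a hardened form that binds the search term as a parameter and allowlists the one part of the statement a driver cannot bind, the ORDER BY identifier. Table and column names are assumed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// vulnerableSearch mirrors the anti-pattern: the term and sort key are
// spliced into the statement with Sprintf, so by the time the ORM prepares
// it, the attacker-controlled text is already part of the SQL.
func vulnerableSearch(term, sortBy string) (string, []interface{}) {
	q := fmt.Sprintf("SELECT name FROM packages WHERE name ILIKE '%%%s%%' ORDER BY %s", term, sortBy)
	return q, nil
}

// allowedSort maps user-facing sort keys to real column names. Identifiers
// cannot be bound as parameters, so an allowlist is the only safe option.
var allowedSort = map[string]string{
	"name":    "name",
	"updated": "updated_at",
}

// safeSearch keeps the term as a bound parameter ($1, PostgreSQL style) and
// rejects any sort key that is not in the allowlist instead of interpolating it.
func safeSearch(term, sortBy string) (string, []interface{}, error) {
	col, ok := allowedSort[sortBy]
	if !ok {
		return "", nil, errors.New("unknown sort key")
	}
	q := "SELECT name FROM packages WHERE name ILIKE $1 ORDER BY " + col
	return q, []interface{}{"%" + term + "%"}, nil
}

// containsInjectedClause is a simple check for the demo: does the text that
// reaches the SQL parser carry a statement terminator or comment marker?
func containsInjectedClause(sql string) bool {
	return strings.Contains(sql, ";") || strings.Contains(sql, "--")
}

func main() {
	term := "a' OR 1=1 --" // constructed sample input
	vq, _ := vulnerableSearch(term, "name")
	sq, args, _ := safeSearch(term, "name")
	fmt.Println(containsInjectedClause(vq), containsInjectedClause(sq), args)
}
```

In the safe form the same input survives only as a bound argument, which the server treats as data regardless of its contents.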

Soko is a Go software module that powers packages.gentoo.org, offering users an easy way to search through the Portage packages available for the Gentoo Linux distribution.

    But the shortcomings identified in the service meant that it could have been possible for a malicious actor to inject specially crafted code, resulting in the exposure of sensitive information.


    “The SQL injections were exploitable and had the ability to disclose the PostgreSQL server’s version and execute arbitrary commands on the system,” SonarSource said.

    The development comes months after SonarSource uncovered a cross-site scripting (XSS) flaw in an open-source business suite called Odoo that could be exploited to impersonate any victim on a vulnerable Odoo instance as well as exfiltrate valuable data.

    Earlier this year, security weaknesses were also disclosed in open-source software such as Pretalx and OpenEMR that could pave the way for remote attackers to execute arbitrary code.
