CVE-2018-7600.zip
15 KB
CVE-2018-7600
Author: 4l13n-DN
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
GitHub Link:
https://github.com/4l13n-DN/POC-CVE-2018-7600
Author: 4l13n-DN
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
GitHub Link:
https://github.com/4l13n-DN/POC-CVE-2018-7600
CVE-2022-33171.zip
30.7 KB
CVE-2022-33171
Author: dajneem23
DISPUTED The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation.
GitHub Link:
https://github.com/dajneem23/CVE-2022-33171
Author: dajneem23
DISPUTED The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation.
GitHub Link:
https://github.com/dajneem23/CVE-2022-33171