Vulnerabilities

A security flaw has been discovered in code-projects Currency Exchange System 1.0. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing manipulation of the argument product_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

A vulnerability was identified in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

A vulnerability has been found in itsourcecode Student Information System 1.0. This affects an unknown part of the file /section_edit1.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

A security vulnerability has been detected in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /delete_member.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

A vulnerability was detected in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /delete_book.php. Performing manipulation of the argument book_id results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.

A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /member_search.php. Executing manipulation of the argument roll_number can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.

A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /update_query.php. This manipulation of the argument stud_id causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync<br /> <br /> Use-after-free can occur in hci_disconnect_all_sync if a connection is<br /> deleted by concurrent processing of a controller event.<br /> <br /> To prevent this the code now tries to iterate over the list backwards<br /> to ensure the links are cleanup before its parents, also it no longer<br /> relies on a cursor, instead it always uses the last element since<br /> hci_abort_conn_sync is guaranteed to call hci_conn_del.<br /> <br /> UAF crash log:<br /> ==================================================================<br /> BUG: KASAN: slab-use-after-free in hci_set_powered_sync<br /> (net/bluetooth/hci_sync.c:5424) [bluetooth]<br /> Read of size 8 at addr ffff888009d9c000 by task kworker/u9:0/124<br /> <br /> CPU: 0 PID: 124 Comm: kworker/u9:0 Tainted: G W<br /> 6.5.0-rc1+ #10<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS<br /> 1.16.2-1.fc38 04/01/2014<br /> Workqueue: hci0 hci_cmd_sync_work [bluetooth]<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x5b/0x90<br /> print_report+0xcf/0x670<br /> ? __virt_addr_valid+0xdd/0x160<br /> ? hci_set_powered_sync+0x2c9/0x4a0 [bluetooth]<br /> kasan_report+0xa6/0xe0<br /> ? hci_set_powered_sync+0x2c9/0x4a0 [bluetooth]<br /> ? __pfx_set_powered_sync+0x10/0x10 [bluetooth]<br /> hci_set_powered_sync+0x2c9/0x4a0 [bluetooth]<br /> ? __pfx_hci_set_powered_sync+0x10/0x10 [bluetooth]<br /> ? __pfx_lock_release+0x10/0x10<br /> ? __pfx_set_powered_sync+0x10/0x10 [bluetooth]<br /> hci_cmd_sync_work+0x137/0x220 [bluetooth]<br /> process_one_work+0x526/0x9d0<br /> ? __pfx_process_one_work+0x10/0x10<br /> ? __pfx_do_raw_spin_lock+0x10/0x10<br /> ? mark_held_locks+0x1a/0x90<br /> worker_thread+0x92/0x630<br /> ? __pfx_worker_thread+0x10/0x10<br /> kthread+0x196/0x1e0<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork+0x2c/0x50<br /> <br /> <br /> Allocated by task 1782:<br /> kasan_save_stack+0x33/0x60<br /> kasan_set_track+0x25/0x30<br /> __kasan_kmalloc+0x8f/0xa0<br /> hci_conn_add+0xa5/0xa80 [bluetooth]<br /> hci_bind_cis+0x881/0x9b0 [bluetooth]<br /> iso_connect_cis+0x121/0x520 [bluetooth]<br /> iso_sock_connect+0x3f6/0x790 [bluetooth]<br /> __sys_connect+0x109/0x130<br /> __x64_sys_connect+0x40/0x50<br /> do_syscall_64+0x60/0x90<br /> entry_SYSCALL_64_after_hwframe+0x6e/0xd8<br /> <br /> Freed by task 695:<br /> kasan_save_stack+0x33/0x60<br /> kasan_set_track+0x25/0x30<br /> kasan_save_free_info+0x2b/0x50<br /> __kasan_slab_free+0x10a/0x180<br /> __kmem_cache_free+0x14d/0x2e0<br /> device_release+0x5d/0xf0<br /> kobject_put+0xdf/0x270<br /> hci_disconn_complete_evt+0x274/0x3a0 [bluetooth]<br /> hci_event_packet+0x579/0x7e0 [bluetooth]<br /> hci_rx_work+0x287/0xaa0 [bluetooth]<br /> process_one_work+0x526/0x9d0<br /> worker_thread+0x92/0x630<br /> kthread+0x196/0x1e0<br /> ret_from_fork+0x2c/0x50<br /> ==================================================================

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Revert "f2fs: fix to do sanity check on extent cache correctly"<br /> <br /> syzbot reports a f2fs bug as below:<br /> <br /> UBSAN: array-index-out-of-bounds in fs/f2fs/f2fs.h:3275:19<br /> index 1409 is out of range for type &amp;#39;__le32[923]&amp;#39; (aka &amp;#39;unsigned int[923]&amp;#39;)<br /> Call Trace:<br /> __dump_stack lib/dump_stack.c:88 [inline]<br /> dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106<br /> ubsan_epilogue lib/ubsan.c:217 [inline]<br /> __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348<br /> inline_data_addr fs/f2fs/f2fs.h:3275 [inline]<br /> __recover_inline_status fs/f2fs/inode.c:113 [inline]<br /> do_read_inode fs/f2fs/inode.c:480 [inline]<br /> f2fs_iget+0x4730/0x48b0 fs/f2fs/inode.c:604<br /> f2fs_fill_super+0x640e/0x80c0 fs/f2fs/super.c:4601<br /> mount_bdev+0x276/0x3b0 fs/super.c:1391<br /> legacy_get_tree+0xef/0x190 fs/fs_context.c:611<br /> vfs_get_tree+0x8c/0x270 fs/super.c:1519<br /> do_new_mount+0x28f/0xae0 fs/namespace.c:3335<br /> do_mount fs/namespace.c:3675 [inline]<br /> __do_sys_mount fs/namespace.c:3884 [inline]<br /> __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3861<br /> do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br /> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> The issue was bisected to:<br /> <br /> commit d48a7b3a72f121655d95b5157c32c7d555e44c05<br /> Author: Chao Yu <br /> Date: Mon Jan 9 03:49:20 2023 +0000<br /> <br /> f2fs: fix to do sanity check on extent cache correctly<br /> <br /> The root cause is we applied both v1 and v2 of the patch, v2 is the right<br /> fix, so it needs to revert v1 in order to fix reported issue.<br /> <br /> v1:<br /> commit d48a7b3a72f1 ("f2fs: fix to do sanity check on extent cache correctly")<br /> https://lore.kernel.org/lkml/20230109034920.492914-1-chao@kernel.org/<br /> <br /> v2:<br /> commit 269d11948100 ("f2fs: fix to do sanity check on extent cache correctly")<br /> https://lore.kernel.org/lkml/20230207134808.1827869-1-chao@kernel.org/