Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> hrtimers: Handle CPU state correctly on hotplug<br /> <br /> Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfway<br /> through a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back to<br /> CPUHP_ONLINE:<br /> <br /> Since hrtimers_prepare_cpu() does not run, cpu_base.hres_active remains set<br /> to 1 throughout. However, during a CPU unplug operation, the tick and the<br /> clockevents are shut down at CPUHP_AP_TICK_DYING. On return to the online<br /> state, for instance CFS incorrectly assumes that the hrtick is already<br /> active, and the chance of the clockevent device to transition to oneshot<br /> mode is also lost forever for the CPU, unless it goes back to a lower state<br /> than CPUHP_HRTIMERS_PREPARE once.<br /> <br /> This round-trip reveals another issue; cpu_base.online is not set to 1<br /> after the transition, which appears as a WARN_ON_ONCE in enqueue_hrtimer().<br /> <br /> Aside of that, the bulk of the per CPU state is not reset either, which<br /> means there are dangling pointers in the worst case.<br /> <br /> Address this by adding a corresponding startup() callback, which resets the<br /> stale per CPU state and sets the online flag.<br /> <br /> [ tglx: Make the new callback unconditionally available, remove the online<br /> modification in the prepare() callback and clear the remaining<br /> state in the starting callback instead of the prepare callback ]

HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.

A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been classified as critical. This affects an unknown part of the file /admin/app/role_crud.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /_parse/load_user-profile.php. The manipulation of the argument userhash leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/EditCategory. The manipulation of the argument CategoryId leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /search.php. The manipulation of the argument PropertyName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

The Small Package Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the &amp;#39;edit_id&amp;#39; and &amp;#39;dropship_edit_id&amp;#39; parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the &amp;#39;storeUploads&amp;#39; function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site&amp;#39;s server which may make remote code execution possible.

The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3. This is due to missing nonce validation on multiple functions. This makes it possible for unauthenticated attackers to delete arbitrary accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

The LTL Freight Quotes – Unishippers Edition plugin for WordPress is vulnerable to SQL Injection via the &amp;#39;edit_id&amp;#39; parameter in all versions up to, and including, 2.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.