Latest SQL Injection news

Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released

The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database.
- Bill Toulas
- June 26, 2024
- 12:56 PM
- 0
Facebook PrestaShop module exploited to steal credit cards

Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details.
- Bill Toulas
- June 23, 2024
- 10:08 AM
- 0
New BIG-IP Next Central Manager bugs allow device takeover

F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create rogue accounts on any managed assets.
- Sergiu Gatlan
- May 08, 2024
- 03:52 PM
- 0
WP Automatic WordPress plugin hit by millions of SQL injection attacks

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.
- Bill Toulas
- April 25, 2024
- 10:27 AM
- 0
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites

A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
- Bill Toulas
- April 03, 2024
- 02:21 PM
- 3
CISA urges software devs to weed out SQL injection vulnerabilities

CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection (SQLi) security vulnerabilities before shipping.
- Sergiu Gatlan
- March 25, 2024
- 02:26 PM
- 1
Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
- Sergiu Gatlan
- March 21, 2024
- 11:17 AM
- 0
Fortinet warns of critical RCE bug in endpoint management software

Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers.
- Sergiu Gatlan
- March 13, 2024
- 02:48 PM
- 0
Hackers steal data of 2 million in SQL injection, XSS attacks

A threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site scripting (XSS) attacks.
- Bill Toulas
- February 06, 2024
- 02:00 AM
- 1
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks

The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database.
- Bill Toulas
- November 14, 2023
- 06:32 PM
- 1
Hackers exploit recent F5 BIG-IP flaws in stealthy attacks

F5 is warning BIG-IP admins that devices are being breached by "skilled" hackers exploiting two recently disclosed vulnerabilities to erase signs of their access and achieve stealthy code execution.
- Bill Toulas
- November 01, 2023
- 10:52 AM
- 0
Microsoft: Hackers target Azure cloud VMs via breached SQL servers

Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection.
- Bill Toulas
- October 04, 2023
- 10:53 AM
- 0
MOVEit Transfer customers warned to patch new critical flaw

MOVEit Transfer, the software at the center of the recent massive spree of Clop ransomware breaches, has received an update that fixes a critical-severity SQL injection bug and two other less severe vulnerabilities.
- Bill Toulas
- July 07, 2023
- 08:35 AM
- 0
MOVEit Transfer customers warned of new flaw as PoC info surfaces

Progress warned MOVEit Transfer customers to restrict all HTTP access to their environments after info on a new SQL injection (SQLi) vulnerability (tracked as CVE-2023-35708) was shared online today.
- Sergiu Gatlan
- June 15, 2023
- 04:58 PM
- 0
New MOVEit Transfer critical flaws found after security audit, patch now

Progress Software warned customers today of newly found critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer (MFT) solution that can let attackers steal information from customers' databases.
- Sergiu Gatlan
- June 09, 2023
- 02:49 PM
- 0
Over 29,000 QNAP devices vulnerable to code injection attacks

Tens of thousands of QNAP network-attached storage (NAS) devices exposed online are waiting to be patched against a critical security flaw addressed by the Taiwanese company on Monday.
- Sergiu Gatlan
- January 31, 2023
- 06:14 PM
- 0
QNAP fixes critical bug letting hackers inject malicious code

QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability allowing remote attackers to inject malicious code on QNAP NAS devices.
- Bill Toulas
- January 30, 2023
- 12:25 PM
- 0
75k WordPress sites impacted by critical online course plugin flaws

The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion.
- Bill Toulas
- January 24, 2023
- 12:16 PM
- 0
PoC exploits released for critical bugs in popular WordPress plugins

Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly available.
- Bill Toulas
- January 13, 2023
- 04:28 PM
- 0
Zoho urges admins to patch severe ManageEngine bug immediately

Business software provider Zoho has urged customers to patch a high-severity security flaw affecting multiple ManageEngine products.
- Sergiu Gatlan
- January 04, 2023
- 02:52 PM
- 0