Django up to 3.1.12/3.2.4 QuerySet.order_by sql injection

A vulnerability classified as critical has been found in Django up to 3.1.12/3.2.4 (Content Management System). Affected is the function QuerySet.order_by. Upgrading to version 3.1.13 or 3.2.5 eliminates this vulnerability. The upgrade is hosted for download at docs.djangoproject.com.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-29632 : JMSPAGEBUILDER 3.X ON PRESTASHOP AJAX_JMSPAGEBUILDER.PHP SQL INJECTION

CVE-2023-29632 : JMSPAGEBUILDER 3.X ON PRESTASHOP AJAX_JMSPAGEBUILDER.PHP SQL INJECTION

Description PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php. References https://friends-of-presta.github.io/security-advisories/modules/2023/03/13/jmspagebuilder.html For More Information MITRE

CVE-2023-3065 : MOBATIME AMXGT100 UP TO 1.3.20 IMPROPER AUTHENTICATION

CVE-2023-3065 : MOBATIME AMXGT100 UP TO 1.3.20 IMPROPER AUTHENTICATION

Description Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.

CVE-2023-2781 : USER EMAIL VERIFICATION FOR WOOCOMMERCE PLUGIN UP TO 3.5.0 ON WORDPRESS IMPROPER AUTHENTICATION

CVE-2023-2781 : USER EMAIL VERIFICATION FOR WOOCOMMERCE PLUGIN UP TO 3.5.0 ON WORDPRESS IMPROPER AUTHENTICATION

Description The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up