The PHP calendar script allows an attacker to download the user.txt file containing sensitive information like admin credentials. The file can be accessed directly through the exploit link provided.
Operator Can Change Role User Type to admin
Ingenious School Management System is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'get_teacher.php' page. This can allow the attacker to gain access to the database and execute arbitrary commands.
Lyrist - Music Lyrics Script is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
The vulnerability allows an attacker to bypass authentication of the Star Vision DVR IP Camera. The attacker can open the Chrome browser, enter the IP address or domain to see the login screen of the camera, press the F12 key to open the browser console, click the Console tab and enter the code 'login_set(1,1,1,1);'. Then, the attacker can go to page view2.html and access the camera.
An attacker can inject arbitrary SQL commands into the 'id' parameter of the 'allgallery.php' script and so manipulate the SQL queries it executes.
An attacker can inject arbitrary SQL commands into the 'pid' parameter of the product_view1.php script, allowing them to access or modify the underlying database.
A buffer overflow vulnerability exists in SphereFTP Server v2.0 when a long string is sent to the FTP server. An attacker can exploit this vulnerability to crash the FTP server.
A vulnerability in Free News Script allows an attacker to download a file containing the username and password hash of all users by accessing the URL http://site/admin/user.txt. The password hashes are in MD5 format.
This exploit allows an attacker to read the db.php file of the php Real Estate Script v.3 by sending a POST request to the admin/ajax_cms/get_template_content/ page with the tpl parameter set to the path of the file.