Explore all Exploits:

ElkArte Forum 1.1.9 – Remote Code Execution (RCE) (Authenticated)

An authenticated remote code execution vulnerability exists in ElkArte Forum version 1.1.9. By uploading a malicious PHP file via the theme installation feature, an attacker can execute arbitrary commands on the server, leading to a compromise of the system.

PyroCMS v3.0.1 Stored Cross-Site Scripting

An attacker can exploit the vulnerability in PyroCMS v3.0.1 by injecting a malicious payload into the 'Redirect From' field, triggering a stored cross-site scripting (XSS) attack. This could lead to unauthorized access, data theft, and other malicious activities. No CVE has been assigned yet.

LeptonCMS 7.0.0 – Remote Code Execution (RCE) (Authenticated)

By uploading a malicious PHP file in the Languages section of LeptonCMS 7.0.0, an authenticated attacker can execute arbitrary code on the server. This can lead to unauthorized access, data theft, or further compromise of the system. This vulnerability has not been assigned a CVE at the time of writing.

Lost and Found Information System v1.0 – Insecure Direct Object Reference leads to Account Takeover

The exploit allows an attacker to perform an Account Takeover by manipulating the 'id' parameter in the URL of the 'Users.php?f=save' endpoint in Lost and Found Information System v1.0. By changing the 'id' parameter, an attacker can access other user accounts without proper authorization. This vulnerability has been assigned CVE-2023-38965.

Thefacebook Cross-Site Scripting Vulnerabilities

Thefacebook is affected by various cross-site scripting vulnerabilities. These vulnerabilities occur due to a failure to properly sanitize user-supplied URI input. An attacker can create a malicious URI link containing hostile HTML and script code. If a victim user follows this link, the malicious code can be executed in the web browser, potentially leading to the theft of authentication credentials or other attacks.

Code Widgets Multiple Question – Multiple Choice Online Questionaire SQL Injection Vulnerability

The Code Widgets Multiple Question - Multiple Choice Online Questionaire is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Online Voting System – Authentication Bypass

A flaw in the profile section of Online Voting System allows an unauthenticated user to set an arbitrary password for accounts registered in the application. The application does not check the validity of the session cookie; it updates the password and other fields of a user based on an incremental identifier, without requiring the current valid password for the target account.

Recent Exploits: