The MiniCMS version 1.10 is vulnerable to a Cross Site Scripting (XSS) attack. By injecting malicious script code into the 'date' parameter of the 'page.php' script, an attacker can execute arbitrary scripts in the context of the user's browser.
The SQL Injection vulnerability exists in RosarioSIS 7.6 through the 'votes' parameter. By manipulating the 'votes' parameter in the POST request, an attacker can inject malicious SQL queries. This can lead to unauthorized access to the database, data manipulation, and potentially further exploitation of the system. This vulnerability has been assigned the CVE identifier CVE-2021-44567.
The code-projects Online Exam Mastering System 1.0 is prone to a Reflected Cross-Site Scripting (XSS) vulnerability in the 'q' parameter of feedback.php. This issue occurs because the application does not properly sanitize user-supplied input, enabling an attacker to execute arbitrary JavaScript code.
The exploit involves creating a malicious Windows theme file that contains a link to an attacker-controlled SMB server. When the victim opens this theme file, their NTLM hash is captured by the attacker. This vulnerability is identified as CVE-2024-21320.
Reservit Hotel plugin version 2.1 does not properly sanitize and escape certain settings, allowing high privilege users, like admin, to execute Stored Cross-Site Scripting attacks. This vulnerability can be exploited even when the unfiltered_html capability is restricted.
The exploit allows an attacker to execute arbitrary JavaScript code in PDF.js in Firefox ESR version 115.11. By manipulating a crafted PDF file, an attacker can trigger this vulnerability. This exploit is identified as CVE-2024-4367.
The vulnerability in Gnuboard5 version 5.3.2.8 allows an attacker to execute arbitrary SQL queries through the 'mysql_user', 'mysql_pass', 'mysql_db', and 'table_prefix' parameters in the 'install_db.php' script, leading to unauthorized access to the database. This exploit utilizes SQL injection to manipulate the SQL queries, potentially resulting in data leakage, modification, or deletion. The CVE associated with this vulnerability is CVE-2020-18662.
A stored cross-site scripting (XSS) vulnerability is found in ResidenceCMS 2.10.1. This vulnerability permits a user with low privileges to insert malicious HTML content as a stored XSS payload within property pages. When the affected property page is accessed by any user, including the administrator, the XSS payload gets executed.
In ProConf version before 6.1, an Insecure Direct Object Reference (IDOR) vulnerability exists. This vulnerability allows any author to access and retrieve all submitted papers including titles, abstracts, and personal information of authors (such as Name, Email, Organization, and Position) by manipulating the Paper ID parameter.
An attacker can exploit GetSimpleCMS version 3.3.16 by creating a malicious .phar file that contains a PHP script allowing the execution of arbitrary commands. By uploading this file through a vulnerable upload functionality, the attacker can trigger the execution of the injected code remotely, leading to a remote code execution vulnerability. This vulnerability is identified as CVE-2021-28976.
Services By CQR