Petrol Pump Management Software v1.0 is vulnerable to Remote Code Execution (RCE) due to a file upload flaw. An attacker can upload a malicious payload to the logo Photos parameter in the web_crud.php component, allowing them to execute arbitrary code on the server. By exploiting this vulnerability, an attacker can potentially take full control of the application.
A Stored Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows attackers to execute malicious code by uploading a crafted payload to the 'Image' parameter in the 'profile.php' component. By uploading an 'xss.svg' file, an attacker can inject arbitrary scripts into the application.
A file upload vulnerability in Petrol Pump Management Software v1.0 allows an attacker to run malicious code by uploading a specifically crafted payload to the email Image parameter in the profile.php component.
A Cross Site Scripting (XSS) vulnerability in Petrol Pump Management Software v1.0 allows attackers to execute malicious code by inserting a specially crafted payload into the 'Address' parameter in the add_invoices.php component.
The Petrol Pump Management Software version 1.0 is vulnerable to SQL Injection, allowing an attacker to execute malicious code by manipulating the email address parameter in the index.php component.
An attacker can exploit a Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 by injecting malicious code through a crafted payload into the image parameter in the profile.php component. By uploading a specially crafted xss.svg file, the attacker can execute arbitrary code. The content of the xss.svg file includes a script that triggers an alert message.
A file upload vulnerability in Petrol Pump Management Software v1.0 allows an attacker to run arbitrary code by uploading a specially crafted payload to the 'Image' parameter in the 'profile.php' component.
A Stored Cross Site Scripting (XSS) vulnerability in Petrol Pump Management Software v1.0 allows attackers to execute malicious code by injecting a crafted payload into the Address parameter in the add_invoices.php component.
A SQL Injection vulnerability was discovered in Petrol Pump Management Software v.1.0. This vulnerability allows an attacker to execute arbitrary code by injecting a malicious payload into the email address parameter within the index.php component.
A Cross Site Scripting vulnerability was found in Petrol Pump Management Software v.1.0. This vulnerability allows an attacker to execute malicious code by uploading a specially crafted SVG file to the 'image' parameter in the profile.php component. By exploiting this vulnerability, an attacker can conduct various attacks such as stealing sensitive data, session hijacking, or defacing the website.
Services By CQR