Suggest Exploit

Explore Vulnerabilities


Explore all Exploits:

appRain CMF v0.1.5 – Multiple Web Vulnerabilities

A SQL Injection vulnerability is detected on the appRain CMF v0.1.5. The bug allows an remote attacker to inject/execute own sql statements over the vulnerable param request. Successful exploitation of the bug can lead to dbms & cms compromise. A non-persistent cross site scripting vulnerability is detected on appRain CMF v0.1.5. The vulnerability allows remote attackers to hijack skype customer sessions via cross site scripting. Successful exploitation of the client-side vulnerability can result in session hijacking & account steal (user/customer/moderator/administrator).

appRain CMF Multiple Cross-Site Request-Forgery Vulnerabilities

appRain CMF is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. An attacker can craft a malicious HTML page that contains a form with hidden fields and submit it to the vulnerable application. The application will then process the form and perform the specified actions.

Blind SQL Injection in appRain: CVE-2013-6058

The vulnerability is caused by insufficient validation of user-supplied data appended to "/blog-by-cat/" URL. Remote attacker can execute arbitrary SQL commands to read, modify or delete information in application's database. The following exploitation example will display all posts from category 1, if the MySQL Server version is 5.x, otherwise no posts will be displayed: http://[host]/blog-by-cat/1%20and%20substring(version(),1,1)=5/

appRain CMF Arbitrary PHP File Upload Vulnerability

This module exploits a vulnerability found in appRain's Content Management Framework (CMF), version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution.

Recent Exploits: