The 'bid' parameter in /delete.php of Code-Projects Blood Bank V1.0 is vulnerable to Out-of-Band SQL Injection. Attackers can exploit this by using Burp Collaborator to execute OOB SQL injection attacks, potentially gaining access to sensitive data.
The Open Source Medicine Ordering System v1.0 is vulnerable to SQL Injection. By exploiting this vulnerability, an attacker can extract sensitive data from the database, such as admin users' information.
The 'rename', 'remail', 'rphone', and 'rcity' parameters in the 'updateprofile.php' file of Code-Projects Blood Bank V1.0 are vulnerable to Stored Cross-Site Scripting (XSS) due to a lack of proper input validation. An attacker can inject malicious scripts into these parameters; once stored on the server, these scripts may be executed when viewed by other users.
The 'id' parameter of Computer Laboratory Management System v1.0 is prone to SQL injection attacks. By injecting a payload that includes a sub-query to MySQL's load_file function with a UNC file path pointing to an external domain, an attacker can execute malicious SQL queries and retrieve sensitive information from the system.
The Online Hotel Booking system in PHP version 1.0 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to extract sensitive information from the database without authentication. This exploit has not been assigned a CVE yet.
Simple Task List version 1.0 is vulnerable to SQL Injection in the 'status' parameter of the addTask.php file. An attacker can exploit this vulnerability to execute malicious SQL queries, potentially leading to unauthorized access and extraction of sensitive data from the database.
SQL Injection vulnerability in Employee Management System version 1.0 allows attackers to execute arbitrary SQL commands through the admin_id parameter in update-admin.php. An attacker can manipulate the admin_id parameter to inject malicious SQL queries, leading to unauthorized access or data manipulation.
SQL injection is a type of security vulnerability that allows attackers to manipulate the database queries of an application. By inserting SQL queries through input data, attackers can access sensitive information, modify data, perform administrative tasks, retrieve files, and in some cases, execute commands on the operating system.
The Workout Journal App version 1.0 is vulnerable to stored XSS. By supplying malicious XSS payloads in the First and Last name fields during registration, an attacker can execute arbitrary scripts. This vulnerability arises from a lack of data validation, which allows the browser to execute injected code.
A Broken Access Control vulnerability allows unauthorized users to access the home page and perform operations such as creating, updating, or deleting trackers without credentials.