YesWiki before 4.5.2 allows unauthenticated path traversal via the 'squelette' parameter. An attacker can exploit this to read arbitrary files on the server, like /etc/passwd.
The endpoint /EventAttendance.php is vulnerable to Authenticated SQL Injection (Union-based and Blind-based) via the Event GET parameter. This endpoint can be triggered through the following menu: Events - Event Attendance Reports - Church Service/Sunday School. The Event Parameter is taken directly from the query string and passed into the SQL query without any sanitization or input escaping. This allows the attacker to inject malicious Event payloads to execute the malicious SQL query.
VisNetic WebMail is prone to an information disclosure vulnerability. By appending a dot '.' character to the end of a URI request to WebMail, the source code of PHP files may be returned in the web browser.
Access Remote PC 4.5.1 discloses passwords to local users.
Input passed to multiple parameters in "predefined_variables.php" are not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources. POC: http://localhost/pluck-4_5_1/data/inc/themes/predefined_variables.php?blogpost=../../../../../../../../boot.ini
Services By CQR