The Stock Management System web application version 1.0 is vulnerable to an unauthenticated SQL Injection attack. This vulnerability allows remote attackers to extract sensitive information from the SQL database using an Error-Based Injection technique.
Petrol Pump Management Software v1.0 is vulnerable to Remote Code Execution (RCE) due to a file upload flaw. An attacker can upload a malicious payload to the logo Photos parameter in the web_crud.php component, allowing them to execute arbitrary code on the server. By exploiting this vulnerability, an attacker can potentially take full control of the application.
E-INSUARANCE v1.0 is vulnerable to stored cross-site scripting (XSS) attacks. An attacker can inject malicious code into the Firstname and Lastname parameters in the profile component, allowing them to execute arbitrary scripts.
Hospital Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) due to insufficient input validation. An attacker can execute malicious code by injecting a crafted payload into parameters such as 'patient_id', 'first_name', 'middle_initial', and 'last_name' in the 'receptionist.php' component.
The Simple Student Attendance System v1.0 is vulnerable to a Time-Based Blind SQL Injection. An attacker can exploit this vulnerability by sending a crafted POST request with a malicious payload to the 'id' parameter in the delete_student function of the actions.class.php file. This allows the attacker to perform unauthorized SQL queries, potentially leading to data leakage or manipulation. This exploit has been tested using the sqlmap tool.
The AC Repair and Services System v1.0 is vulnerable to SQL injection attacks due to improper input validation. An attacker can manipulate the SQL queries to execute arbitrary SQL commands, leading to unauthorized access to the database or data manipulation. This vulnerability has been demonstrated using the sqlmap tool to perform time-based blind SQL injection attacks.
The Simple Student Attendance System v1.0 is vulnerable to SQL Injection through the 'classid' parameter. An attacker can exploit this vulnerability using time-based blind and union-based techniques to manipulate the database.
The Simple Student Attendance System is vulnerable to a Time-Based Blind SQL Injection in the delete_student function of actions.class.php. An attacker can manipulate the 'id' parameter to execute malicious SQL queries, potentially leading to unauthorized data retrieval or modification. The vulnerability has been tested using the sqlmap tool with a time-based blind technique.
The AC Repair and Services System v1.0 is vulnerable to multiple SQL Injection attacks. An attacker can exploit this by manipulating the input fields to execute arbitrary SQL commands. This can lead to unauthorized access, data leakage, and potential data manipulation.
The Simple Student Attendance System v1.0 is vulnerable to Time-Based Blind and Union-Based SQL Injection through the 'classid' parameter. An attacker can manipulate the 'classid' parameter to execute arbitrary SQL queries.