The CmsMadeSimple v2.2.17 application is vulnerable to stored cross-site scripting (XSS) attacks. An attacker can exploit this vulnerability by injecting malicious code into the metadata section, which will be executed when the content is viewed.
This exploit allows remote attackers to execute arbitrary code on the affected system. The vulnerability exists in CmsMadeSimple version 2.2.17.
The CmsMadeSimple v2.2.17 application is vulnerable to session hijacking through Server-Side Template Injection (SSTI). An attacker can inject malicious code into the content section, which can be executed when a user visits the page. This allows the attacker to hijack the user's session cookies.
This exploit allows an attacker to upload a malicious shell.php file to a target system running Online Piggery Management System v1.0. By exploiting this vulnerability, an attacker can execute arbitrary commands on the target system.
The vulnerability allows an attacker to inject malicious code that will be stored and executed in the context of the affected website. In this case, the vulnerability exists in Backdrop CMS v1.25.1. The attacker can upload a specially crafted SVG file containing malicious JavaScript code. When the file is accessed, the code is executed, leading to a cross-site scripting attack.
The 'useremail' parameter in Vaidya-Mitra 1.0 is vulnerable to SQL injection attacks. An attacker can inject a payload that calls MySQL's load_file function with a UNC file path, allowing them to interact with an external domain and potentially steal sensitive information like login credentials and phone numbers.
The Joomla! com_booking component version 2.4.9 allows an attacker to enumerate all accounts by performing a GET request with a specific ID parameter.
An authentication bypass exists in when the hash of the password selected by the user incidentally begins with 0e, 00e, and in some PHP versions, 0x. This is because a loose type comparison is performed between the password hash and the loggedon value, which by default for an unauthenticated user is 0 and can additionally be controlled by the attacker. This allows an attacker to bypass the login and obtain remote code execution.
PimpMyLog suffers from improper access control on the account creation endpoint, allowing a remote attacker to create an admin account without any existing permissions. The username is not sanitized and can be leveraged as a vector for stored XSS. This allows the attacker to hide the presence of the backdoor account from legitimate admins. Depending on the previous configuration, an attacker may be able to view sensitive information in Apache, IIS, nginx, and/or PHP logs. The attacker can view server-side environment variables through the debug feature, which may include passwords or API keys.
Pluck CMS v4.7.18 is vulnerable to remote code execution (RCE) due to improper handling of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code on the target system.