The User Registration & Login and User Management System With admin panel 3.0 application from PHPgurukul is vulnerable to persistent XSS via the fname, lname, email, and contact fields. The payload executes when a user or the admin user logs in.
The Taskhub CRM Tool version 2.8.6 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to execute arbitrary SQL queries and potentially gain unauthorized access to the database.
This exploit allows an attacker to perform SQL injection on OVOO Movie Portal CMS v3.3.3. The vulnerability exists in the 'maximum_rating' parameter of the 'filter_movies' endpoint, allowing an attacker to manipulate the SQL query and potentially gain unauthorized access to the database.
The Global - Multi School Management System Express v1.0 is vulnerable to SQL Injection. The vulnerability exists in the 'school_id' parameter of the '/report/balance' endpoint. An attacker can exploit this vulnerability by injecting malicious SQL code in the 'school_id' parameter, allowing them to extract sensitive information from the database or manipulate the database.
The Color Prediction Game v1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL queries into the 'login_mobile' parameter. This allows the attacker to manipulate the database and potentially retrieve sensitive information.
This exploit allows an unauthenticated user to create an admin account in Crypto Currency Tracker (CCT) version 9.5 or earlier. By sending a specially crafted POST request to the /en/user/register endpoint, the attacker can bypass authentication and create an admin account.
The PHPJabbers Business Directory Script v3.2 is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit these vulnerabilities to perform malicious actions or steal sensitive information.
The TV and FM transmitter suffers from an unauthenticated configuration and log download vulnerability. This enables an attacker to disclose sensitive information, which helps with authentication bypass, privilege escalation and full system access.
This exploit allows an attacker to inject malicious code in the 'note_public' parameter of the Dolibarr application, leading to a stored XSS vulnerability.
The installation of Inosoft VisiWin 7 creates insecure folders with incorrect permissions. This allows a malicious user to manipulate file content or change legitimate files to compromise a system or gain elevated privileges.