The vulnerability allows an attacker to inject malicious code that is stored and executed in the context of the affected website. It exists in Backdrop CMS v1.25.1. The attacker can upload a specially crafted SVG file containing malicious JavaScript code. When the file is accessed, the code is executed, leading to a cross-site scripting attack.
The 'useremail' parameter in Vaidya-Mitra 1.0 is vulnerable to SQL injection attacks. An attacker can inject a payload that calls MySQL's load_file function with a UNC file path, allowing them to interact with an external domain and potentially steal sensitive information like login credentials and phone numbers.
The Joomla! com_booking component version 2.4.9 allows an attacker to enumerate all accounts by performing a GET request with a specific ID parameter.
An authentication bypass exists in when the hash of the password selected by the user incidentally begins with 0e, 00e, and in some PHP versions, 0x. This is because a loose type comparison is performed between the password hash and the loggedon value, which by default for an unauthenticated user is 0 and can additionally be controlled by the attacker. This allows an attacker to bypass the login and obtain remote code execution.
PimpMyLog suffers from improper access control on the account creation endpoint, allowing a remote attacker to create an admin account without any existing permissions. The username is not sanitized and can be leveraged as a vector for stored XSS. This allows the attacker to hide the presence of the backdoor account from legitimate admins. Depending on the previous configuration, an attacker may be able to view sensitive information in Apache, IIS, nginx, and/or PHP logs. The attacker can view server-side environment variables through the debug feature, which may include passwords or API keys.
Pluck CMS v4.7.18 is vulnerable to remote code execution (RCE) due to improper handling of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code on the target system.
WinterCMS < 1.2.3 lacks restrictions on uploading SVG files as website logos, making it vulnerable to a persistent cross-site scripting (XSS) attack. This vulnerability arises from the ability of an attacker to embed malicious JavaScript content within an SVG file, which remains visible to all users, including anonymous visitors. Consequently, any user interaction with the affected page can inadvertently trigger the execution of the malicious script.
The Admidio application version 4.2.10 is vulnerable to remote code execution (RCE). An attacker can exploit this vulnerability by uploading a malicious .phar file in the image upload section of the Announcements feature. The uploaded file can contain PHP code that executes system commands, allowing the attacker to execute arbitrary commands on the server. This can lead to unauthorized access, data theft, and further compromise of the system.
This exploit allows an attacker to bypass authentication in Cisco UCS-IMC Supervisor version 2.2.0.0 and earlier. By sending a specially crafted request to the /app/ui/ClientServlet?apiName=GetUserInfo endpoint, the attacker can gain unauthorized access to the system.
Multiple XSS vulnerabilities in ProjeQtOr Project Management System V10.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cronStatus parameter in refreshCronIconStatus.php, (2) SVG file upload, or (3) destinationWidth parameter in ack.php.