The ChurchCRM v4.5.4 software is vulnerable to a reflected cross-site scripting (XSS) attack. An authenticated attacker can upload a specially crafted image file containing an XSS payload and exploit the vulnerability by tricking a user into viewing the image, resulting in the execution of malicious script code within the user's browser.
The Bludit CMS v3.14.1 is vulnerable to stored cross-site scripting (XSS) attacks. An authenticated attacker can upload a specially crafted SVG file containing malicious JavaScript code. When this file is processed by the application, the JavaScript code is executed within the context of the user's browser, leading to potential XSS attacks.
This exploit allows remote attackers to execute arbitrary code on the target system running GetSimple CMS version 3.3.16. The vulnerability is due to insufficient input validation in the software, which allows an attacker to inject malicious code and execute it remotely. This can lead to unauthorized access, data theft, and further compromise of the affected system.
The Quicklancer v1.0 script is vulnerable to SQL Injection. This can be exploited by an attacker to manipulate the SQL queries and gain unauthorized access to the database.
The Stackposts Social Marketing Tool v1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database.
The Smart School v1.0 application is vulnerable to SQL injection. This vulnerability allows an attacker to execute arbitrary SQL queries, potentially compromising the integrity and confidentiality of the database. By exploiting the 'searchdata[0][searchfield]' parameter, an attacker can inject malicious SQL code and manipulate the database.
The LeadPro CRM v1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to execute arbitrary SQL queries, which could result in unauthorized access to or modification of the database.
A vulnerability was discovered in Yank Note v3.52.1 that allows a user to execute arbitrary code by opening a specially crafted file.
A vulnerability was discovered in Gin markdown editor v0.7.4 that allows a user to execute arbitrary code by opening a specially crafted file.
A SQL injection vulnerability in Affiliate Me version 5.0.1 allows a normal admin to escalate their privileges to super admin. The vulnerability can be exploited by sending a specially crafted request to the admin.php file with an injected query.