This exploit allows an authenticated user to execute arbitrary code on a vulnerable PostgreSQL server. The exploit uses a base64-encoded payload that is passed to the PostgreSQL server via a SELECT statement. The payload is then decoded and executed on the server.
CSZ CMS 1.2.9 is vulnerable to Blind SQL Injection. An authenticated user can inject malicious SQL queries in the 'fieldS[]' or 'orderby' parameter of the 'General Menu > CSV Export / Import' page. The injection is time-based: issuing sleep(0) delays the response by 0 seconds, sleep(1) by 1 second, sleep(5) by 5 seconds, and sleep(10) by 10 seconds.
An attacker can exploit a Local File Read vulnerability in WordPress Plugin admin-word-count-column version 2.2. The vulnerability exists due to the lack of proper validation of user-supplied input in the 'path' parameter of the 'download-csv.php' script. A remote attacker can send a specially crafted request to the vulnerable script and read arbitrary files from the server. The attacker can also inject a null byte to bypass the file extension check and read any file from the server.
The WordPress Plugin video-synchro-pdf version 1.7.4 is vulnerable to Local File Inclusion. The vulnerable code is present in the file video-synchro-pdf/reglages/Menu_Plugins/tout.php. The code does not properly validate user input and allows an attacker to include arbitrary files from the local system. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious file path in the 'p' parameter. This will allow the attacker to read the contents of the file and potentially execute arbitrary code.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'controller' parameter of the 'tblight.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary PHP code on the target system.
A cross-site request forgery vulnerability has been identified in the curtain WordPress plugin that allows an attacker to activate or deactivate the site's maintenance mode.
A file upload functionality in Atom CMS 2.0 allows any non-privileged user to gain access to the host through the uploaded files, which may result in remote code execution.
User input passed through the 'groups' POST parameter to the /include/findusers.php script is not properly sanitized before being passed to the icms_member_Handler::getUserCountByGroupLink() and icms_member_Handler::getUsersByGroupLink() methods. These methods use the first argument to construct a SQL query without proper validation, and this can be exploited by remote attackers to, for example, read sensitive data from the 'users' database table through boolean-based SQL Injection attacks. The application uses PDO as a database driver, which allows for stacked SQL queries; as such, this vulnerability could be exploited to, for example, create a new admin user and execute arbitrary PHP code.
The WordPress Plugin amministrazione-aperta version 3.7.3 is vulnerable to Local File Inclusion (LFI). An unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable file dispatcher.php with the parameter 'open' set to the path of the file to be included. This can allow the attacker to read sensitive files from the server.
The application suffers from an authenticated stored XSS vulnerability. The issue is triggered when input passed to the 'Name' parameter is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.