There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php. Payloads include boolean-based blind and time-based blind.
Sourcegraph prior to 3.37.0 has a remote code execution vulnerability on its gitserver service. This is due to lack of restriction on git config execution thus 'core.sshCommand' can be passed on the HTTP arguments which can contain arbitrary bash commands. Note that this is only possible if gitserver is exposed to the attacker. This is tested on Sourcegraph 3.36.3
This exploit allows an authenticated user to execute arbitrary code on the vulnerable system. The exploit works by sending a specially crafted POST request to the import_export.php page, which allows the user to upload a file. The exploit takes advantage of this functionality by sending a malicious PHP file which contains a system command. The command is then executed on the vulnerable system and the output is saved in a file in a writable system folder.
A vulnerability in TP-Link Router AX50 firmware 210730 allows an authenticated attacker to execute arbitrary code on the device. This is achieved by importing a malicious config file. The vulnerability is due to insufficient validation of user-supplied input.
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.
Due to bad sanitation in http://<IP:PORT>/control/fm-data.lua, an attacker can do command injection as root by sending a POST request with the formdata action: rename, source: /a";echo $({command}) 2>&1 > /opt/algo/web/root/a.txt;" and target: /.
The local user able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
A Blind SQL injection vulnerability in a Login Page (/controller/login.php) in Virtua Cobranca 12S version allows remote unauthenticated attackers to get information about application executing arbitrary SQL commands by idusuario parameter.
Marval MSM v14.19.0.12476 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can craft a malicious HTML page that contains a form with an action pointing to the vulnerable application. When a logged-in user visits the malicious page, the form will be automatically submitted, allowing the attacker to perform actions with the same privileges as the user.
Reflected Cross-Site Scripting (XSS) vulnerability in login-portal webpage of Genialcloud ProJ (and potentially in other platforms from the same software house "Avantune" since codebase seems shared with their other products: Facsys and Analysis) allows remote attacker to inject and execute arbitrary web scripts or HTML via a crafted payload. Request parameters affected is "msg".
Services By CQR