Fuel CMS 1.5.0 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can delete a site variable by intercepting a request and generating a CSRF POC. After that, the attacker can execute the POC in a separate browser and observe that the site variable has been deleted.
The WordPress plugin Elementor (v. 3.6.0, 3.6.1, 3.6.2) has a vulnerability that allows any authenticated user to upload and execute any PHP file. This vulnerability falls under category #1 (Broken Access Control) of the OWASP Top 10 2021. The file that contains this vulnerability is elementor/core/app/modules/onboarding/module.php. For the vulnerable code path to be reached, the call must be an 'ajax call' (wp_doing_ajax()) and the method must be POST. The parameter 'action' must be 'elementor_upload_and_install_pro', the parameter '_nonce' must be retrieved after login by inspecting the /wp-admin page, and the parameter 'fileToUpload' must contain the ZIP archive to be uploaded.
All versions of the PKP software Open Journal Systems from 2.4.8 to 3.3.8 are vulnerable to XSS via Host header injection and to theft of the password reset token.
Input passed to the POST parameter 'Username' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in the context of an affected site.
It was possible to store JavaScript as values for Missing Data Codes. The payload will escalate a regular user's privileges, if viewed by an account with permission to change privileges (such as an administrator).
WordPress Plugin Popup Maker <1.16.5 does not sanitise and escape some of its popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
The plugin does not properly sanitize the nom, pdf, mp4, webm and ogg parameters, allowing potentially dangerous characters to be inserted. This includes the reported payload, which triggers a persistent Cross-Site Scripting (XSS).
This exploit enumerates domain users in the same way as the userenum module of the kerbrute tool. If you have conducted a brute-force attack against a user, run the script after 30 minutes (default settings); otherwise the results can be false positives.
Easy!Appointments < 1.4.3 is vulnerable to an unauthenticated PII (events) disclosure. An attacker can send a specially crafted request to the backend/ajax/get_available_hours endpoint to retrieve events between a given start and end date. The response contains the customer's name, email, phone number and notes.
A command injection vulnerability exists in Zyxel NWA-1100-NH access points with firmware versions prior to 2.12. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the login page of the device. This request contains malicious code in the 'myname' parameter which is then executed on the device.