A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
When the user adds a new server on the 'Server' panel, the 'name' parameter is not filtered. An attacker can inject malicious JavaScript code in the 'name' parameter, and it executes when the user visits the page.
A vulnerability was found in Wondershare MirrorGo 2.0.11.346. The Wondershare MirrorGo application has insecure file permissions that allow any user to modify the ElevationService.exe file. This can be exploited by a local attacker to gain elevated privileges on the system.
Microweber CMS v1.2.10 has backup functionality. The upload and download endpoints can be combined to read any file from the filesystem. The upload function may delete the local file if the web service user has access.
WebHMI 4.1.1 is vulnerable to a Remote Code Execution (RCE) vulnerability when an authenticated user with Level2 access is present. The exploit uses a reverse shell payload to execute arbitrary code on the target system. The exploit requires the attacker to have valid credentials for the WebHMI application.
The SCADA controller is vulnerable to unauthenticated file write/overwrite and delete. This allows an attacker to execute critical file CRUD operations on the device that can potentially allow system access and impact availability.
Authenticate and edit a course section; the cid parameter appears there, and the payload is placed in it. An example of the payload is http://localhost/schoolmanagement/schoolmanagement/pages/edit-course.php?cid=-7%27%20union%20select%201,2,3,4,5--+
The application is vulnerable to directory traversal, and an attacker can obtain the root user's private SSH key (id_rsa). To exploit the vulnerability, an attacker can go to the App Store, click 'install' on any free plugin, and change the installation script to '../../../root/.ssh/id_rsa'.
The `ref_code` parameter from Air Cargo Management System v1.0 appears to be vulnerable to SQL injection attacks. The payload '+(select load_file('\c5idmpdvfkqycmiqwv299ljz1q7jvej5mtdg44t.https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.htmlhag'))+' was submitted in the ref_code parameter. This payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.
An SQL injection vulnerability exists in Simple Real Estate Portal System 1.0, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in a 'view_estate' action to the '/reps/' path. An attacker can use sqlmap to exploit this vulnerability and gain access to the database.