An attacker can compromise the application's database using automated (or manual) tools such as SQLmap, and can dump the database remotely.
Webrun version 3.6.0.42 is vulnerable to SQL Injection, applied to the P_0 parameter used to set the username during the login process. In the POST request, change the P_0 value to the following payload: 121')+AND+5110%3dCAST((CHR(113)||CHR(118)||CHR(118)||CHR(120)||CHR(113))||(SELECT+(CASE+WHEN+(5110%3d5110)+THEN+1+ELSE+0+END))%3a%3atext||(CHR(113)||CHR(98)||CHR(122)||CHR(98)||CHR(113))+AS+NUMERIC)+AND+('AYkd'%3d'AYkd. If the response contains the value 'qvvxq1qbzbq', you will be able to successfully exploit this.
This exploit allows an attacker to gain access to sensitive information from the WP Guppy plugin by using the WP_JSON API. The attacker can use the exploit to get all users, send messages from/to other users, and get the chats between users.
GNU gdbserver is vulnerable to a Remote Command Execution (RCE) vulnerability. An attacker can send a specially crafted packet to the gdbserver, which will execute arbitrary code on the target system. The vulnerability is due to the lack of proper validation of user-supplied input when handling the 'vCont' command. This allows an attacker to send a malicious payload to the gdbserver, which will be executed on the target system.
The Aimeos E-Commerce framework Laravel application is vulnerable to SQL injection via the 'sort' parameter on the JSON API.
Smart Product Review is a WordPress plugin developed by CodeFlip that allows users to add reviews to their products. The plugin version 1.0.4 is vulnerable to an arbitrary file upload vulnerability. An attacker can upload a malicious file to the server and gain remote code execution. This vulnerability can be exploited by an unauthenticated attacker.
Code execution is the result of GitLab allowing remote unauthenticated attackers to provide DjVu files to ExifTool (see: CVE-2021-22204). As such, exploitation of GitLab takes two steps: first generating the payload, then sending it. Generating the payload involves creating a DjVu image named lol.jpg that will trigger a reverse shell to 10.0.0.3 port 1270. Sending the payload involves using curl to send the payload to the GitLab instance.
This module exploits an input validation error on the log file extension parameter. The application does not properly validate upper/lower case characters in this parameter. Once this occurs, the application log file will be treated as a PHP file. The log file can then be populated with PHP code by changing the username of a valid user, as this info is logged. The PHP code in the file can then be executed by sending an HTTP request to the log file. A similar issue was reported by the same researcher where a blank file extension could be supplied and the extension could be provided in the file name. This exploit will work on those versions as well, and those references are included.
Bludit 3.13.1 is vulnerable to Cross Site Scripting (XSS) when a malicious user enters a specially crafted username. The malicious code is triggered when the user visits the login page and enters the username with the malicious code. The code is then executed in the browser of the user.
Multiple stored cross-site scripting (XSS) vulnerabilities in Tecnoteca CMDBuild 3.3.1 allow remote attackers to inject arbitrary web script or HTML via a crafted SVG document. The attack vectors include Add Attachment, Add Office, and Add Employee; almost all Add sections are affected.