This exploit allows an attacker to execute arbitrary code on the target system by exploiting a SQL injection vulnerability in the login page of the Online Learning System 2.0. The attacker can bypass the authentication process by using a specially crafted username and password. Once authenticated, the attacker can brute-force the webshell name and execute arbitrary code on the target system.
We can bypass Laravel image file upload functionality to upload arbitrary files on the web server, which lets us run arbitrary JavaScript and bypass the CSRF token.
Fuel CMS 1.4.13 is vulnerable to Blind SQL Injection in the 'col' parameter. An attacker can inject malicious SQL queries in the 'col' parameter and can gain access to the database. The exploit can be reproduced by logging into the panel, going to the 'Activity Log' menu, selecting any type option and then injecting a Blind SQL Injection query in the 'col' parameter.
A SQL Injection vulnerability exists in Sourcecodester Simple Subscription Website 1.0. An account takeover exists with the payload: admin' or 1=1-- -
A vulnerability in KONGA 0.14.9 allows an attacker to escalate privileges by changing a normal user to an admin user. This is done by sending a PUT request to the /api/user/<user_id> endpoint with the admin parameter set to true and the token parameter set to the token obtained from the login request. This vulnerability can be exploited by an authenticated attacker.
The plugin sanitises some fields using a WordPress built-in function called sanitize_text_field() but does not correctly escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues. The function sanitize_text_field() escapes < and > but does not escape characters like ", allowing an attacker to break an HTML input tag and inject arbitrary JavaScript.
A stored Cross-Site Scripting (XSS) vulnerability exists in the AccessPress Social Icons 1.8.2 WordPress plugin. An attacker can inject malicious JavaScript code into the 'icon title' field and the code will be stored in the database. When a user visits the page, the malicious code will be executed.
The WP Symposium Pro plugin, version 2021.10, is exposed to a stored Cross-Site Scripting vulnerability due to a lack of sanitization when adding a forum speciality and its 'name' label. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable parameter 'wps_admin_forum_add_name' in a POST request.
AbsoluteTelnet 11.24 suffers from a denial of service vulnerability when maliciously crafted 'DialUp/Phone' and license name values are sent to the application. This causes the application to crash.
Employee and Visitor Gate Pass Logging System PHP 1.0 suffers from a Cross-Site Scripting (XSS) vulnerability. An attacker can exploit this vulnerability by creating a new department and inputting a malicious payload in the department 'name' field. This payload will be stored in the application and will be triggered for all users that navigate to the 'Department List' page.