A CSV injection vulnerability was discovered in phpMyFAQ v3.1.12. An attacker can exploit this vulnerability by logging in as a user and changing their name to 'calc|a!z|' and then having an admin export users as a CSV file. This will cause a CSV injection to occur on the admin's computer, which will open the calculator.
ChurchCRM v4.5.3 and below were discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. After logging in, a GET request can be sent to the EventAttendance.php page with the Event parameter set to a malicious SQL query. The response will dump the usr_Username and usr_Password from the database.
Wondershare Filmora versions <= 12.2.9.2233 contain an unquoted service path which allows attackers to escalate privileges to the system level. An attacker can find the unquoted service path using the wmic command, get information about the service using the sc qc command, generate a reverse shell using msfvenom, upload the reverse shell to the unquoted service path, start a listener, and reboot the service/server to gain system level privileges.
A vulnerability exists in the SystemSettings.php file of the Multi-Vendor Online Groceries Management System 1.0, which allows an attacker to inject malicious code into the welcome.html file. This code can then be included and executed in the home.php file, allowing the attacker to execute arbitrary commands on the system.
KodExplorer is vulnerable to CSRF to Arbitrary File Upload. An attacker can craft a malicious URL and send it to the victim. When the victim opens the URL, the attacker can upload a malicious file to the victim's system. This vulnerability affects KodExplorer versions <= 4.49.
OCS Inventory NG Windows Agent versions below 2.3.1.0 contain an unquoted service path which allows attackers to escalate privileges to the system level. An attacker can find the unquoted service path using the wmic command, get information about the service using the sc qc command, generate a reverse shell using the msfvenom command, upload the reverse shell to the vulnerable system, start a listener, and reboot the service/server to gain system level privileges.
PaperCut NG/MG versions 8.0 and later are vulnerable to an authentication bypass vulnerability. By visiting the URL http://[IP]:9191/app?service=page/Dashboard, an attacker can bypass the login page and gain access to the application.
It is possible to include a PHP file with a phar extension while uploading an image. RCE is triggered on a subsequent visit. Payload: <?php echo system("id"); ?>
Mars Stealer is vulnerable to an admin account takeover exploit. This exploit allows an attacker to change the admin password of the application using a POST request to the settingsactions.php file. The attacker can then use the new password to gain access to the application.
An unauthenticated remote code execution vulnerability exists in FUXA V.1.1.13-1186 due to improper input validation. An attacker can send a malicious payload to the vulnerable server to execute arbitrary code on the server.