
Explore Vulnerabilities


Explore all Exploits:

Employee Task Management System v1.0 – Broken Authentication

Broken Authentication allows an unauthenticated remote attacker to change the password of all application users. The vulnerable page does not verify authentication or authorization. As a result, all the parameters are vulnerable to broken authentication.

Auto Dealer Management System v1.0 – SQL Injection on manage_user.php

SQL Injection is a type of vulnerability in web applications that allows an attacker to execute unauthorized SQL queries on the database by exploiting the application's failure to properly validate user input. The attacker can use this vulnerability to bypass the security measures put in place by the application, allowing them to access or modify sensitive data, or even take control of the entire system. SQL Injection attacks can have severe consequences, including data loss, financial loss, reputational damage, and legal liability. To prevent SQL Injection attacks, developers should properly sanitize and validate all user input, and implement strong security measures, such as input validation, output encoding, parameterized queries, and access controls. Users should also be aware of the risks of SQL Injection attacks and take appropriate measures to protect their data.

Auto Dealer Management System v1.0 – SQL Injection in sell_vehicle.php

The auto dealer management system supports two user roles: admin and normal employee. The vulnerable page is sell_vehicle.php, which is accessible to both admin and employee users. This page is vulnerable to SQL injection. An attacker can inject malicious SQL queries through the vulnerable parameter id and access the database.

Auto Dealer Management System v1.0 – SQL Injection

SQL Injection is a type of vulnerability in web applications that allows an attacker to execute unauthorized SQL queries on the database by exploiting the application's failure to properly validate user input. The attacker can use this vulnerability to bypass the security measures put in place by the application, allowing them to access or modify sensitive data, or even take control of the entire system. SQL Injection attacks can have severe consequences, including data loss, financial loss, reputational damage, and legal liability. To prevent SQL Injection attacks, developers should properly sanitize and validate all user input, and implement strong security measures, such as input validation, output encoding, parameterized queries, and access controls. Users should also be aware of the risks of SQL Injection attacks and take appropriate measures to protect their data.

Auto Dealer Management System 1.0 – Broken Access Control Exploit

Broken access control allows a low-privilege attacker to change the password of all application users. The vulnerable page does not verify authorization. As a result, all the parameters are vulnerable to broken access control, and a low-privilege user could view the list of users and change any user's password to access that account.

Kimai-1.30.10 – SameSite Cookie-Vulnerability session hijacking

Kimai 1.30.10 is vulnerable to session hijacking through a SameSite cookie weakness. An attacker can trick the victim into updating or upgrading the system, using a malicious exploit to steal the victim's vulnerable cookie and take control of the session.

modoboa 2.0.4 – Admin TakeOver

modoboa/modoboa prior to 2.0.4 is vulnerable to an authentication bypass by primary weakness. An attacker can exploit this vulnerability by sending a POST request with the admin's username and a password from a wordlist. If the password is correct, the attacker will be able to take over the admin's account.

LDAP Tool Box Self Service Password v1.5.2 – Account takeover

Self Service Password is a PHP application that allows users to change their password in an LDAP directory. It is very useful for recovering an account without waiting for action from an administrator, especially in an Active Directory environment. The password reset feature is prone to an HTTP Host header vulnerability that allows an attacker to tamper with the password-reset mail sent to the victim and potentially steal the victim's valid reset token. The attacker can then use it to perform account takeover.

Intern Record System v1.0 – SQL Injection (Unauthenticated)

Intern Record System 1.0 allows SQL Injection via the parameters 'phone', 'email', 'deptType' and 'name' in /intern/controller.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latest vulnerabilities in the underlying database.

Recent Exploits: