GPSTracker v1.0 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
PHP Dashboards is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Gigs v2.0 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mcard is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious HTML page that, when visited by an authenticated user, causes the user to unknowingly perform actions on the vulnerable website; in this case, to unknowingly update their profile information. This is done by sending a POST request to the vulnerable website with the malicious parameters.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the '/MySqlBlobUploader/home-filet-edit.php' script. A remote attacker can execute arbitrary SQL commands in the application's database, cause denial of service, bypass certain security restrictions, and access, modify or delete data. Four types of SQL injection apply here: boolean-based blind, error-based, AND/OR time-based blind and UNION query.
MySQL Blob Uploader 1.7 is vulnerable to SQL Injection and Cross-Site Scripting. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'home-filet-edit.php' script. An attacker can exploit this vulnerability to inject malicious SQL commands and execute arbitrary code on the vulnerable system.
MySQL Blob Uploader 1.7 is vulnerable to SQL Injection and Cross-Site Scripting. An attacker can exploit this vulnerability by sending malicious payloads to the vulnerable parameters. For SQL Injection, the attacker can use boolean-based blind, error-based, AND/OR time-based blind and UNION query payloads. For Cross-Site Scripting, the attacker can use a malicious script payload.
The vulnerability exists due to insufficient validation of user-supplied input in the 'id' and 't' parameters of the '/MySqlBlobUploader/download.php' script. A remote attacker can execute arbitrary SQL commands in the application database, inject arbitrary web script or HTML, and perform other attacks. The vulnerability is exploited by passing malicious payloads in the 'id' and 't' parameters of the '/MySqlBlobUploader/download.php' script.