SaveWebPortal is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Exploitation of this vulnerability could lead to a loss of confidentiality and integrity. Information obtained may aid in further attacks against the underlying system; other attacks are also possible. An attacker can also execute arbitrary local PHP files through exploitation of this vulnerability. The impact of this will depend on the PHP files available.
SaveWebPortal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
SaveWebPortal is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
SaveWebPortal is prone to an unauthorized access vulnerability. This issue is due to a failure in the application to limit access to administrative scripts. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access and further attacks on the affected site. A user can bypass admin check, calling this URL: http://www.example.com/saveweb/admin/PhpMyExplorer/editerfichier.php?chemin=.&fichier=header.php&type=Source
PostNuke is prone to an SQL injection vulnerability. This issue is due to a lack of sufficient sanitization of user-supplied input. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
RunCMS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
PHPKit is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
nePHP is prone to a cross-site scripting vulnerability. This issue is due to a lack of sanitization of user-supplied input. This vulnerability will allow a malicious user to perform attacks on an unsuspecting user in the context of the site hosting the affected application. This can lead to the theft of cookie-based authentication credentials, as well as other attacks.
Land Down Under is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Land Down Under is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. Examples of vulnerable URLs include: http://www.example.com/ldu/forums.php?filter=forums%2Ephp%3Fc%3Dskin&x='; http://www.example.com/ldu/forums.php?m=topics&q=3&n='; http://www.example.com/ldu/forums.php?m='&q=3&n=last; http://www.example.com/ldu/forums.php?m=topics&s='
Services By CQR