Two vulnerabilities are present: Cross-Site Scripting (XSS) and remote SQL injection. The XSS vulnerability can be exploited by sending a malicious script in the post parameter. The remote SQL injection vulnerability can be exploited by sending a malicious payload in the message parameter.
Mini-CMS 1.0.1 is vulnerable to multiple local file inclusion vulnerabilities because the application includes files based on user-supplied input without proper sanitization. An attacker can exploit this by sending a specially crafted HTTP request containing directory traversal sequences and a URL-encoded NULL byte (%00) to the vulnerable application. This allows the attacker to include arbitrary local files, which can lead to remote code execution.
Mini Blog 1.0.1 is vulnerable to multiple local file inclusion vulnerabilities due to insufficient sanitization of user-supplied input to the 'page' and 'admin' parameters of the 'index.php' script. An attacker can exploit this vulnerability to include arbitrary local files and execute arbitrary code on the vulnerable system.
ASPManage Banners is prone to multiple remote vulnerabilities, including remote file upload and download. An attacker can exploit these issues to upload and download arbitrary files, allowing the attacker to execute arbitrary code on the affected computer. This can facilitate unauthorized access and privilege escalation.
Ikon AdManager 2.1 is vulnerable to a database disclosure vulnerability. An attacker can exploit this vulnerability by sending a request to the vulnerable application to access the database file ikonBAnner_AdManager.mdb.
An attacker can access the database of Professional Download Assistant by accessing the URL http://xxxx.com/[path]/database/downloads.mdb.
Natterchat v1.12 is vulnerable to Database Disclosure. An attacker can access the database file (natterchat112.mdb) which contains sensitive information such as usernames, passwords, etc. by accessing the URL http://www.target.com/natterchat112.mdb.
The w3blabor CMS was secured against hack attacks through various queries and configurations. It also works very stably and communicates quickly with the connected database. The administration is particularly easy in contrast to many other content management systems - and that's exactly what makes it special! The upload bug is in admin/inc/media.inc.php near line 71 (no check on admin privileges) and in admin/inc/meinlogo.inc.php near line 45 (no check on admin privileges).
A vulnerability exists in Product Sale Framework v0.1 beta, where an attacker can inject malicious SQL queries into the customer.forumtopic.php page, allowing them to gain access to the admin username and password.
phpPgAdmin is a web-based administration tool for PostgreSQL. It is vulnerable to a local file inclusion vulnerability due to improper input validation. An attacker can exploit this vulnerability by sending a crafted request to the vulnerable application. This can allow the attacker to read sensitive files on the server.