The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the 'tr.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to the vulnerable application, disclose sensitive information, modify data, etc.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the 'tr.php' script. A remote attacker can execute arbitrary SQL commands in the application's database, inject arbitrary web script or HTML and gain access to sensitive information.
tr1.php?id=-19+union+select+1,2,3,password,5,6,7,8,9,10+from+adminsettings--
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the 'tr.php' script. A remote attacker can execute arbitrary SQL commands in the application's database, cause information disclosure, modify data and gain access to the administrative panel.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the 'tr.php' script. A remote attacker can execute arbitrary SQL commands in the application's database, inject arbitrary HTML and script code, steal sensitive information, modify data, etc.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the 'tr.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow execution of arbitrary SQL commands and compromise the application, its data and the underlying system.
The vulnerability exists due to insufficient filtration of user-supplied input passed via the 'id' parameter to the 'tr.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows an attacker to read arbitrary data from the database, including passwords.
A Blind SQL Injection vulnerability exists in Shahrood's ndetail.php script, which allows an attacker to inject arbitrary SQL queries. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can be done by appending a malicious SQL query to the vulnerable parameter 'id' in the HTTP request. An attacker can use this vulnerability to gain access to sensitive information from the database, modify data, delete data, or even execute system-level commands.
This exploit allows an attacker to remotely add, delete, and change the password of an administrator on a vulnerable Micro CMS <= 0.3.5 system. The exploit requires the attacker to know the host, path, and the administrator's ID. The attacker can then use the exploit to delete the administrator, change the administrator's password, or add a new administrator.
AJ ARTICLE is vulnerable to authentication bypass. An attacker can use the username 'admin' or '1=1' and any password to bypass authentication and gain access to the admin panel.