The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'cat' parameter in the 'viewfaqs.php' script. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation of this vulnerability can result in compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Article Publisher Pro is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'userid' parameter of the 'contact_author.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable script. This can allow the attacker to gain access to the database and extract sensitive information.
ModernBill versions 4.4.X and below are vulnerable to Remote File Inclusion and Cross-Site Scripting. An attacker can exploit this vulnerability by sending a malicious URL to the target user. The malicious URL contains a script that is hosted on a remote server. When the target user clicks on the malicious URL, the script is executed in the context of the target user's browser. This can allow the attacker to gain access to the target user's account and perform malicious activities.
An SQL injection vulnerability exists in SFS EZ Software. An attacker can exploit this vulnerability to inject malicious SQL queries into the application, allowing them to access, modify, or delete sensitive data from the database. The vulnerability is due to insufficient input validation of the 'id' parameter in the 'software-description.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious 'id' parameter value. This will cause the application to execute the malicious SQL query and return the results to the attacker.
Discovered by d3b4g, this vulnerability allows an attacker to inject malicious SQL queries into the vulnerable application. Exploit demo: http://www.turnkeyzone.com/demos/hot/viewcomments.php?phid=-1+union+all+select+1,concat(password,username),3,4,5,6+from+admin/* and version: http://www.turnkeyzone.com/demos/hot/viewcomments.php?phid=-1+union+all+select+1,@@version,3,4,5,6/*
SFS EZ Webring is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries in the back-end database, allowing the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
A vulnerability exists in Article Publisher Pro, which allows an attacker to bypass the authentication process by entering 'admin' in the username field and any value in the password field.
SFS EZ Affiliate is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries in the back-end database, allowing the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable script. This can be done by appending the malicious SQL query to the vulnerable parameter 'id' in the URL. For example, www.[target].com/Script/track.php?id=-2+UNION+SELECT+concat(username,0x3e,password)+FROM+admin--
A remote SQL injection vulnerability exists in the Adult Banner Exchange Website (targetid) script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. This can allow the attacker to execute arbitrary SQL commands on the underlying database.