Explore Vulnerabilities

Explore all Exploits:

SFS EZ Adult Directory (directory.php id) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in SFS EZ Adult Directory. It is caused by improper sanitization of user-supplied input in the 'cat_id' parameter of the 'directory.php' script. An attacker can exploit it by sending a malicious HTTP request to the vulnerable script, which can result in unauthorized access to sensitive information such as passwords and emails.

SFS EZ Gaming Directory (directory.php id) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in the SFS EZ Gaming Directory script. An attacker can exploit this vulnerability to inject arbitrary SQL commands into the application, gaining access to the database and potentially to sensitive information.

Tribiqcms 5.0.10a (beta) Local File Inclusion Vulnerability

Tribiqcms 5.0.10a (beta) is prone to a local file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to view sensitive files on the affected computer, potentially resulting in the disclosure of sensitive information.

Cybershare CMS

Cybershare CMS is vulnerable to a Remote File Inclusion vulnerability due to a lack of proper sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, which will then include and execute the attacker-specified file.

biqcms 5.0.9a (beta) Insecure Cookie Handling Vulnerability

A vulnerability exists in biqcms 5.0.9a (beta) which allows an attacker to inject malicious code into the cookie. An attacker can exploit this vulnerability by setting the COOKIE_LAST_ADMIN_USER and COOKIE_LAST_ADMIN_LANG cookies to the real admin name and language, respectively. For example, an attacker can inject the following code into the cookie: javascript:document.cookie = "COOKIE_LAST_ADMIN_USER=real_admin_name; path=/"; document.cookie = "COOKIE_LAST_ADMIN_LANG=en-GB; path=/";

e107 Plugin lyrics_menu lyrics_song.php (l_id) Remote Sql inj

e107 Plugin lyrics_menu lyrics_song.php is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow an attacker to gain access to the database and execute arbitrary SQL commands.

MyPHP Forum (Final) <= 3.0 (Edit Topics/Blind SQL Injection) Remote Vulnerabilities

MyPHP Forum (Final) version 3.0 and below is vulnerable to blind SQL injection and to an Edit Topics vulnerability. The SQL injection is present in the 'member.php' script, where parameters such as 'confirm', 'newconfirm', 'reqpwd' and 'post' are not sanitized properly. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The 'post.php' script is also vulnerable to Edit Topics. This can be exploited to inject arbitrary HTML and script code.

Pro Traffic One (poll_results.php id) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in Pro Traffic One poll_results.php script. An attacker can send a specially crafted HTTP request with an id parameter containing malicious SQL code to the vulnerable script. This can allow the attacker to view, add, modify or delete records in the back-end database.

Booking System for Hotels Group powered by Venalsur Bookingcenter XSS/SQL Injection Vulnerability

A vulnerability exists in Booking System for Hotels Group powered by Venalsur Bookingcenter which allows an attacker to inject malicious SQL queries and XSS payloads. An attacker can exploit this vulnerability by sending a malicious SQL query or XSS payload to the vulnerable parameter OfertaID in the URL http://site.com/www_en/cadena_ofertas_ext.php?OfertaID= [sql] or http://demo.hotelsadmin.com/www_en/cadena_ofertas_ext.php?OfertaID=<script>alert(40323.6285846991)</script>
