header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

LightBlog 9.8 (GET,POST,COOKIE) Multiple Local File Inclusion Vulnerabilies

LightBlog 9.8 is vulnerable to multiple Local File Inclusion vulnerabilities. An attacker can exploit these vulnerabilities to include arbitrary local files on the affected system, which can lead to further attacks. The vulnerabilities exist due to insufficient sanitization of user-supplied input passed to the 'username' parameter in 'view_member.php', 'username_post' parameter in 'login.php' and 'Lightblog_username' cookie in 'check_user.php' scripts. An attacker can exploit these vulnerabilities by sending a specially crafted HTTP request containing directory traversal sequences and a URL-encoded NULL byte (%00) to the vulnerable scripts.

Limbo CMS (Private Messaging Component) Remote SQL Injection Vulnerability

A vulnerability in Limbo CMS (Private Messaging Component) allows remote attackers to inject arbitrary SQL commands via the 'id' parameter in a 'index.php?option=pms&page=open' call. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.

XOOPS Module: makale

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to 'makale.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can be exploited to bypass authentication, gain access to sensitive data, modify data, etc.

Joomla com_ds-syndicate Sql-injetion vulnerability

A SQL injection vulnerability exists in the Joomla component ds-syndicate. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames, passwords, and emails. This is done by sending a specially crafted HTTP request to the vulnerable application containing malicious SQL statements in the 'feed_id' parameter.

e107 <= 0.7.13 Blind SQL Injection Exploit

e107 presents a vulnerability in userssettings.php (line 363-395), a POST array ($_POST['ue']) goes into an update query, it cleans the values of this array but not the keys name. As the return value of the update query isn't checked, an attacker can use a blind benchmark() method to exploit the vulnerability.

Fast CLick SQL Lite 1.1.7 Remote File Inclusion Vulnerability

Fast CLick SQL Lite version 1.1.7 is vulnerable to a Remote File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a maliciously crafted URL with the vulnerable parameter CFG[CDIR] set to an arbitrary file on the server. This allows an attacker to execute arbitrary code on the vulnerable server.

Recent Exploits: