A vulnerability exists in WebPortal version 0.7.4 and earlier, which allows remote attackers to upload arbitrary files via the FCKeditor component. An attacker can exploit this issue to upload malicious files and execute arbitrary code on the vulnerable system.
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands in the back-end database, allowing them to access or modify critical application data, or even gain access to the underlying server.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'cat_id' parameter to the 'main.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows an attacker to read arbitrary data from the database.
A vulnerability in SkaLinks - Link Exchange Script allows an attacker to add an admin user by accessing the register.php page in the admin directory.
iBoutique v4.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow an attacker to gain access to sensitive information such as usernames and passwords stored in the database.
WebPortal version 0.7.4 is vulnerable to a remote SQL injection attack. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains a malicious SQL query which can be used to extract sensitive information from the database, such as user passwords. The exploit code provided by the author uses the LWP::Simple module to send the malicious request and extract the MD5 password hash from the response.
An attacker can exploit a SQL injection vulnerability in Powie's PHP Forum v1.30 by sending a maliciously crafted HTTP request to the showprofil.php script. This can allow an attacker to gain access to the username, password, and email address of the user.
Sports Clubs Web Panel 0.0.1 is vulnerable to a remote file upload vulnerability. An attacker can upload a malicious file to the server by exploiting the 'Add Ground' functionality. The application does not validate the file type and allows an attacker to upload a malicious file.
This exploit allows an attacker to modify the cookie of the Yourownbux v4.0 application and gain access to the admin panel. The attacker can add more users to the admin username and use the username and password ‘Tec-n0x’ to gain access. The attacker can use the JavaScript code to modify the cookie.
Ezphotogallery 2.1 is vulnerable to an authenticated user privilege escalation attack. An attacker can exploit this vulnerability by accessing the useradmin.php page and adding a new user with administrator privileges. The attacker can also remove existing users from the system.