An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The crafted request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to gain access to sensitive information such as usernames, passwords, and other data stored in the database.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The crafted request contains malicious SQL statements in the 'id' parameter of the 'addtocart' page. This can allow an attacker to gain access to the database and execute arbitrary SQL commands.
There is a SQL injection vulnerability in printfeature.php in myPHPNuke. With this query you will receive the login and password (hash) of the administrator. Vulnerable versions are myPHPNuke < 1.8.8_8rc2. In the latest version additional filters were added, so it is not vulnerable to this attack. However, version 1.8.8_8rc2 is still vulnerable to SQL injection, so a limited SQL injection attack is possible (without using spaces and brackets).
This exploit allows an attacker to gain access to the admin credentials of the e107 Plugin BLOG Engine v2.2. The exploit is done by sending a malicious HTTP request to the vulnerable website, which contains a SQL injection payload. The payload is designed to extract the admin username and password from the e107_user table. The exploit was discovered by the Virangar Security Team in 2009.
A buffer overflow vulnerability exists in the VMware COM API when a malicious user passes a large string of 2000 characters to the GuestInfo function. This can lead to arbitrary code execution on the vulnerable system.
An attacker might be able to upload arbitrary files containing malicious PHP code due to multiple file extensions not being properly checked.
An attacker can exploit a SQL injection vulnerability in CMSbright to execute arbitrary SQL commands on the underlying database. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'id_rub_page' parameter of the 'public/page.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database, modification of data, and even execution of arbitrary system commands on the server.
A SQL injection vulnerability exists in EasyClassifields v3.0. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database.
A SQL injection vulnerability was discovered in WeBid v0.5.4. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can potentially result in the manipulation or disclosure of arbitrary data.
WeBid v0.5.4 is vulnerable to multiple exploits. Bypass authentication by entering ' or 1=1/* as username and any password. Edit the style.css file by accessing the eledicss.php page. View all SQL queries by accessing the admin_view_all_bids.php page.