The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'cid' parameter to the 'index.php' script. A remote attacker can execute arbitrary SQL commands in the application's database, cause denial of service, access or modify sensitive data, exploit vulnerabilities in the underlying database and in certain cases execute arbitrary code on the system.
A vulnerability in the Joomla Component com_versioning (id) allows an attacker to inject arbitrary SQL commands via the 'id' parameter in an 'index.php?option=com_versioning&task=edit&id=' request. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.0.2. Other versions may also be affected.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable parameter in the URL. This will allow the attacker to gain access to the database and execute arbitrary SQL commands.
Efestech Shop v2.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database. The vulnerable parameter is 'cat_id', which is located in the URL. An attacker can inject malicious SQL code into the parameter to gain access to the database. The vulnerable tables are 'ayarlar', 'cat_eng', 'cat_tr', 'eng', 'lisans', 'mark_eng', 'mark_tr', 'product', 'subcat_eng', 'subcat_tr', 'tr', and 'urun_resim'.
This exploit allows an attacker to execute arbitrary code on a vulnerable system. It requires the register_globals setting to be enabled and uses the phpsploit tool to gain access. The exploit also requires a GOD admin account with either an MD5 or plain text password.
VanGogh Web CMS version 0.9 is vulnerable to remote SQL injection. The vulnerability exists in the 'get_article.php' file, specifically at line 339, where user-supplied input is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database, such as usernames and passwords.
A vulnerability exists in Sisplet CMS 2008-01-24 due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'index.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database, allowing for the manipulation or disclosure of arbitrary data.
A vulnerability in CAT2 version 1.2 allows an attacker to include arbitrary files from the local file system via a specially crafted URL. The vulnerable file is objects/extern/spaw/spaw_control.class.php, and the vulnerable parameter is spaw_root. An attacker can exploit this vulnerability by sending a specially crafted URL containing directory traversal sequences (e.g. '../../etc/passwd%00') to the vulnerable file.
Simple PHP Agenda version 2.2.4 is vulnerable to local file inclusion. An attacker can exploit this vulnerability by sending an HTTP request with a maliciously crafted 'page' parameter. This parameter can be used to include arbitrary files from the local system, such as '/etc/passwd'.
HBR 1.3 (hm) is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable script. The malicious URL contains the path to the malicious file, which will be included and executed on the vulnerable server.