A vulnerability exists in Joomla Component netinvoice, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the 'cid' parameter in 'index.php' is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow execution of arbitrary SQL commands.
This exploit allows an attacker to upload a malicious shell to the vulnerable PHPmotion <= 2.0 application. The vulnerability exists in the update_profile.php file, which does not properly validate the file size of the uploaded file. This allows an attacker to upload a malicious shell, which can be used to gain remote access to the vulnerable application.
A vulnerability exists in MyPHP CMS 0.3.1, which allows an attacker to inject arbitrary SQL commands via the 'pid' parameter in the 'page.php' script. Magic quotes must be turned off for the attack to be successful. An attacker can exploit this vulnerability to dump the username and password in clear text.
This vulnerability allows an attacker to upload malicious files directly to the web server. The attacker can exploit this vulnerability by sending a malicious file to the upload.php page of the Page Manager CMS.
This exploit targets a blind SQL injection vulnerability in the Mambo Component Articles. It allows an attacker to extract the MD5 hash of the password of the first user in the database. The exploit requires a valid article ID and the path to the Mambo Component Articles installation. The exploit works by sending a specially crafted HTTP request to the vulnerable application and then analyzing the response to determine the value of the next character in the MD5 hash.
mUnky 0.0.1 is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious 'zone' parameter. This parameter can be used to include arbitrary files from the local system. An attacker can use this vulnerability to gain access to sensitive information such as the /etc/passwd file.
A vulnerability exists in Webdevindo-CMS 0.1, which allows an attacker to inject arbitrary SQL commands via the 'hal' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames and passwords.
A vulnerability in the TOKOKITA web application allows an attacker to inject arbitrary SQL commands into the application. This can be exploited to gain access to the application's database and potentially gain access to sensitive information. The vulnerability exists in the 'catlist.php', 'catlist_detail.php' and 'barang.php' scripts, where user-supplied input is not properly sanitized before being used in an SQL query. This can be exploited to inject arbitrary SQL commands which will be executed in the context of the database user.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable script. This can be done by appending a malicious SQL query to the vulnerable parameter 'linkid' in the URL. An example of this is http://www.site.org/Script/out.php?linkid=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11--. This will allow the attacker to view the database information such as the username, version, and database name.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The crafted request contains a malicious SQL query which can be used to extract sensitive information from the database. The vulnerable parameter is the 'bannerid' parameter, which is not properly sanitized before being used in a SQL query.