This vulnerability allows an attacker to inject malicious SQL queries into the vulnerable application. The attacker can use this vulnerability to gain access to the database and extract sensitive information such as usernames, passwords, emails, etc. The vulnerable parameter is the ‘cat_id’ parameter in the ‘index.php’ page. The attacker can inject malicious SQL queries by using the ‘union’ keyword and the ‘concat’ function.
JaxUltraBB is vulnerable to Local File Inclusion and Remote XSS. An attacker can exploit this vulnerability by sending a crafted URL to the vulnerable application. The crafted URL contains malicious code which is executed on the vulnerable application. This can lead to the disclosure of sensitive information or execution of malicious code on the vulnerable application.
A remote file inclusion vulnerability exists in CMS Jamroom Version 3.3.5. The vulnerability is due to the 'jm_dir' parameter in the 'include/plugins/jrBrowser/purchase.php' script not being properly sanitized before being used in a 'require_once' call. This can allow a remote attacker to include and execute arbitrary local files.
IPTBB is a free forum system built using PHP and MySQL. An attacker can exploit this vulnerability by sending a crafted URL to the application. The URL contains a malicious payload which is appended to the vulnerable parameter. This malicious payload can be used to read sensitive files from the server.
FubarForum v1.5 is vulnerable to a local file inclusion vulnerability. This vulnerability is due to the application not properly sanitizing user-supplied input to the 'page' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing directory traversal characters to the vulnerable script. This can allow the attacker to include arbitrary local files from the web server, such as the web server's 'etc/passwd' file, resulting in the disclosure of sensitive information.
FireAnt v1.3 is vulnerable to a local file inclusion vulnerability. This vulnerability is caused by the 'page' parameter in 'index.php' not being properly sanitized before being used to include files. This can be exploited to include arbitrary local files from the web server and execute arbitrary PHP code. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing directory traversal characters (e.g. '../') to include arbitrary local files from the web server.
Gl-SH Deaf board is a free board programmed in PHP, without MySQL, with 10 designs and 5 languages. Local File Inclusion (LFI) in "/functions.php" in the "FORUM_LANGUAGE" parameter, file (image) upload without permission, Cross-Site Scripting (XSS). Reflected XSS attack in "search.php".
AJ Auction OOPD V.1 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by sending a specially crafted HTTP request to the vulnerable application. An attacker can use this vulnerability to gain access to the application database and can also execute system level commands on the server.
A vulnerability exists in the Auction Web 2.0 application, which allows an attacker to inject malicious SQL queries via the 'cate_id' parameter in the 'category.php' script. An attacker can exploit this vulnerability to gain access to the admin panel by using the 'admin/index.php' script. The exploit code is available at http://localhost.com/[PaTs]/category.php?cate_id=-1+union+select+1,concat(user_name,0x3a,password),3,4+from+admin--
A remote file inclusion vulnerability exists in Lotus Core CMS v1.0.1. An attacker can exploit this vulnerability to include a remote file containing malicious code and execute it on the vulnerable system. This can be exploited by sending a specially crafted HTTP request containing the malicious code to the vulnerable system.