Explore Vulnerabilities

Explore all Exploits:

CaupoShop Classic 1.3 Remote Exploit

This exploit allows an attacker to read the value of the top row of the csc_customer table by exploiting a SQL injection vulnerability in the CaupoShop Classic 1.3 web application. The exploit works by sending a malicious HTTP request to the vulnerable web application.

Orlando CMS classes Remote File Include Vulnerabilities

Orlando CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

samart-cms 2.0 Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in samart-cms 2.0. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable script, which will then be executed in the back-end database. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Academic Web Tools CMS Multiple Vulnerabilities

ACADEMIC WEB TOOLS (AWT) yektaweb is a Persian content management system (CMS) that can also manage university conferences and journals. It is affected by several issues: directory traversal via the "dfile" parameter of "/download.php"; SQL injection via the "book_id" parameter of "/rating.php"; reflected XSS via URL parameters of "/login.php"; reflected XSS via the "glb_sid" parameter of "/hta/htmlarea.js.php"; reflected redirect XSS via the "file" parameter of "/rss_getfile.php"; stored XSS in the "/room.php" chat service; and a session management flaw that leaves "/homepg/index.php" and "/homepg/login.php" vulnerable to session fixation.

OwnRS Blog beta3 (SQL/XSS) Multiple Remote Vulnerabilities

A vulnerability exists in OwnRS Blog beta3, which allows an attacker to inject arbitrary SQL commands via the 'id' parameter in the 'clanek.php' script. The vulnerability is due to the application not properly sanitizing user-supplied input. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation could result in the manipulation of queries, information disclosure, and could potentially allow an attacker to gain unauthorized access to the application.

BoatScripts Classifieds SQL Injection

A SQL injection vulnerability exists in BoatScripts Classifieds. An attacker can send a specially crafted HTTP request to the vulnerable application to execute arbitrary SQL commands in the back-end database, allowing them to access or modify application data, or exploit implementation flaws to gain elevated access privileges.

Carscripts Classifieds SQL Injection

Carscripts Classifieds is prone to a SQL injection vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. The attacker can also execute arbitrary SQL code in the context of the application. This issue affects the 'cat' parameter of the 'index.php' script. This issue is being exploited in the wild.

nweb2fax <= 0.2.7 Multiple Remote Vulnerabilities

nweb2fax is affected by multiple remote vulnerabilities. The first is a Local File Inclusion vulnerability, which allows an attacker to read any file on the server. The second is an Arbitrary File Download vulnerability, which allows an attacker to download any file from the server. The third is a Remote Command Execution vulnerability, which allows an attacker to execute arbitrary commands on the server.

Mybizz Classifieds

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'cat' parameter to the '/mybizz/index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to disclose sensitive information, modify data, compromise the system, etc.

Recent Exploits: