SyndeoCMS 2.6.0 is vulnerable to Local File Inclusion and Cross-Site Scripting. The application fails to properly sanitize user-supplied input to the 'template' parameter in the 'starnet/editors/fckeditor/studenteditor.php', 'starnet/modules/sn_news/edit_content.php' and 'starnet/modules/sn_newsletter/edit_content.php' scripts. An attacker can exploit this vulnerability to include arbitrary local files and execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Experts is vulnerable to remote SQL injection in answer.php, which allows an attacker to inject malicious SQL statements into the application's database queries. The vulnerability can be exploited by sending a specially crafted HTTP request to the vulnerable application. The injected SQL can be used to bypass authentication and to access, modify and delete data in the back-end database.
ASPPortal Free Version is vulnerable to a Remote SQL Injection vulnerability. This vulnerability exists in the '/content/forums/reply.asp' file, where the 'Topic_Id' parameter is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter. This can allow the attacker to gain access to sensitive information from the database, such as usernames and passwords.
Insanely Simple Blog 0.5 is vulnerable to remote SQL injection attacks. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords stored in the database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' and 'current_subsection' parameters of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to the database.
yBlog 0.2.2.2 is vulnerable to multiple remote vulnerabilities such as SQL Injection and Cross-Site Scripting. An attacker can exploit these vulnerabilities to gain access to sensitive information such as usernames and passwords, and execute malicious scripts on the vulnerable system.
A remote SQL injection vulnerability exists in DCFM Blog 0.9.4. An attacker can send a specially crafted HTTP POST request to the comments.php script with an input containing malicious SQL statements to execute arbitrary SQL commands on the underlying database.
ErfurtWiki is vulnerable to local file inclusion. The 'css.php' script does not properly sanitize user-supplied input to the 'ewiki_id' parameter. An attacker can exploit this vulnerability by supplying a malicious 'ewiki_id' parameter value in a GET request to the 'css.php' script. This can be exploited to include local files on the web server and view sensitive files such as '/etc/passwd'.
Achievo is vulnerable to remote arbitrary file upload because multiple file extensions are not properly checked. An attacker can upload arbitrary files containing malicious PHP code due to the default configuration of the script.
A vulnerability in Telephone Directory 2008 allows an attacker to delete contacts by sending a malicious HTTP request to the del_query1.php script with a valid contact ID.
pNews 2.08 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.