The risk of this vulnerability is high. Any user who has access to the web interface of the OmniPCX Enterprise solution will be able to execute arbitrary commands on the server with the permissions of the webserver. A remote command execution vulnerability was found in the script /cgi-data/FastJSData.cgi, in the parameter named id2. The id2 variable is not filtered when passed to the shell. Thus, arbitrary commands can be executed on the server by adding them to the user variable, separated by semicolons.
An attacker can exploit a SQL injection vulnerability in 6rbScript to gain access to the underlying database. The attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to unauthorized data or even execute system-level commands.
Netious CMS 0.4 is prone to a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Jokesite 2.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability is due to the lack of proper input validation in the 'cat_id' parameter of the 'jokes_category.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious 'cat_id' parameter.
A vulnerability exists in MX-System 2.7.3 which allows an attacker to inject arbitrary SQL commands via the 'page' parameter in the 'index.php' page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands. This can be done by sending a request with the 'page' parameter set to -1 union select 1,2,3,4,5,concat_ws(char(58),version(),user(),now())/* or -1 union select 1,2,3,4,5,concat(table_name,char(58),column_name)+from+information_schema.columns/*. This will generate an error page containing the requested information.
A SQL injection vulnerability exists in ComicShout Remote 2.5, which allows an attacker to execute arbitrary SQL commands via the 'comic_id' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to the admin panel by using the '/index.php?comic_id=-1+UNION+SELECT+1,2,3,concat(site_admin,char(58),site_pass),5,6+FROM+setup/*' exploit.
Multiple vulnerabilities exist in Mantis software (XSS, CSRF, Remote Code Execution). We have found an XSS vulnerability in return_dynamic_filters.php. In order to exploit this vulnerability the attacker must be authenticated. There is a Cross Site Request Forgery vulnerability in the software. If a logged-in user with administrator privileges clicks on the following URL, a new user 'foo' with administrator privileges is created. We have found a Remote Code Execution vulnerability in adm_config_set.php. In order to exploit this vulnerability the attacker must be authenticated as administrator.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'p' GET parameter to the '/index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. Also, the vulnerability exists due to insecure cookie handling in the '/editCss.php' script. A remote attacker can set the 'pass' cookie to '1' and gain access to the page.
This exploit allows an attacker to include a file on the web server through a vulnerable web application. The attacker can exploit this vulnerability by manipulating the 'page' parameter of the vulnerable web application to reference a file on the web server that should not be accessible directly through the web.
This exploit allows an attacker to inject malicious SQL queries into the MercuryBoard <= 1.1.5 application. This exploit is possible due to the lack of proper input validation in the do_login() function in the /func/login.php file. Whether the exploit works depends on the version of MySQL, as the SLEEP() function was added in MySQL 5.0.12.