AJ Classifieds 2008 (and possibly prior verisons) suffers from a insecure mysql query, This allows the remote attacker to arbitrary execute mysql code/querys. The below injection will perform a SELECT query which will display admin credentials in RED text.
AJ Auction (all versions to date) suffers from a insecure mysql query, allowing a remote attacker, to arbitrary inject mysql code/query. The below injection will display the admin credentials.
AJ Article suffers from a insecure mysql query, This allows the remote attacker to arbitrary execute mysql code/querys. The below injection will perform a SELECT query which will display admin credentials in RED text.
Vortex CMS is vulnerable to Blind SQL Injection. This exploit allows an attacker to extract the username and password of a user from the database. The exploit works by sending a specially crafted HTTP request to the vulnerable server and then analyzing the response. The exploit is coded in PHP and requires the target URL, page ID and user ID as parameters.
QuickUpCMS is vulnerable to SQL Injection. This exploit allows an attacker to extract user credentials from the database. The vulnerability is due to the lack of proper input validation in the application. The exploit is coded by Lidloses_Auge and was discovered in 2008.
A remote SQL injection vulnerability exists in Joomla Component xsstream-dm 0.01 Beta. An attacker can exploit this vulnerability to gain access to the admin credentials of the application.
This exploit is used to gain access to the Joomla Component com_datsogallery 1.6. It uses a blind SQL injection vulnerability to gain access to the password of the user. The exploit sends a malicious request to the server and checks the response for the password. It also checks the version of Joomla installed on the server.
A remote SQL injection vulnerability exists in ALM - Advanced Links Management v1.5.2. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable script read.php, which can be used to extract sensitive information from the database, modify data, or execute system commands.
txtCMS 0.3 is vulnerable to a Local File Inclusion vulnerability. An attacker can exploit this vulnerability to include a file from the local host which may lead to the disclosure of sensitive information.
Phoenix View CMS is going to be an easy to use Content-Managemen-System. It's using a self-written Template-Engine. The CMS will use a self-written API and it's gonna be easy to write your own plugins and modules. The vulnerability is caused by the lack of proper input validation in the admin/admin_frame.php and admin/module/*.php files, which allows an attacker to inject malicious code into the application. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application.
Services By CQR