An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
miniBB 2.2 is vulnerable to Full Path Disclosure, Cross Site Scripting and Remote SQL Injection. Full Path Disclosure occurs when the $glang variable is empty although it should be an array. Cross Site Scripting can be exploited by passing a malicious script in the glang[] parameter. Remote SQL Injection can be exploited by manipulating the $xtr variable when register_globals is set to On.
A remote SQL injection vulnerability exists in Joomla Component JPad. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'user' in the URL. The query will be executed in the backend database and the results will be returned in the response. An example of such a query is '/index.php?option=com_comprofiler&task=userProfile&user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*'
This script exploits a Remote Code Execution vulnerability in the YouTube Clone Script.
An arbitrary file overwrite has been discovered in an ActiveX control installed with the Zune software package. If a user visits the malicious page and authorizes the control to run (it is not marked safe for scripting), the attacker can erase an arbitrary file.
A vulnerability was discovered in Joomla Component Filiale that allows an attacker to inject arbitrary SQL commands via the 'idFiliale' parameter of the 'index.php' script. The parameter's value is used in a SQL query, so injected SQL code can manipulate that query. This can be exploited to disclose the contents of a database, modify data, delete data, or exploit further vulnerabilities in the underlying SQL server software.
There is a standard SQL injection vulnerability in the WordPress Plugin Spreadsheet <= 0.6. The vulnerability is triggered when the ss_load.php script is called with a malicious ss_id parameter. This can allow an attacker to execute arbitrary SQL queries on the underlying database, potentially leading to the disclosure of sensitive information. The vulnerable code is located in the ss_load.php and ss_functions.php scripts.
Web Calendar suffers from an insecure MySQL query which allows an attacker to inject malicious SQL queries and gain access to sensitive information such as login credentials. This exploit was discovered and coded by t0pP8uZz on 24 April 2008 and tested in ActivePerl.
A SQL injection vulnerability exists in Joomla Component FlippingBook 1.0.4. An attacker can exploit this vulnerability to gain access to the database and view sensitive information. The vulnerability is due to insufficient sanitization of user-supplied input to the 'book_id' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation will result in the execution of arbitrary SQL commands on the underlying database.