The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'nb' parameter to the '/news.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to bypass authentication and gain access to the administrator panel, or to gain access to sensitive information such as usernames and passwords.
RED DOT CMS 7.5 is vulnerable to SQL injection. The exploit is written in Python and allows an attacker to enumerate databases, tables, columns and data from the vulnerable application.
An attacker can exploit a SQL injection vulnerability in Crazy Goomba 1.2.1 to gain access to the admin panel. By entering the following code in the [SQL] field, an attacker can gain access to the admin panel: 1'/**/union/**/select/**/0,pseudo,password,email,id,0,0/**/from/**/cg_joueurs/**. The attacker can then use the obtained credentials to log in to the admin panel at http://localhost/Crazy_Goomba_1.2.1_path/administration/admin.php.
BlogWorx is prone to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit these issues to manipulate SQL queries, disclose sensitive information, modify data, and potentially compromise the application and the underlying database.
Kubelance (all versions) is vulnerable to local file inclusion. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow the attacker to include a local file, which can contain malicious code, and execute it on the vulnerable system.
Philboard W1L3D4 v1.0 is vulnerable to multiple SQL injection attacks. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by sending malicious input to the 'id' and 'recordnum' parameters in the philboard_reply.asp and philboard_newtopic.asp files. An attacker can also access the admin panel by sending malicious input to the 'forumid' parameter in the philboard_newtopic.asp file.
Atter 0.9.1 is vulnerable to local file inclusion. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server, in which a parameter value points to a local file on the server. This allows the attacker to read the contents of the local file and gain access to sensitive information.
A vulnerability exists in XOOPS Project-Recette (Recipe) 2.2 that allows an attacker to inject arbitrary SQL commands via the 'id' parameter in the 'detail.php' script. The attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
SubEdit Player is a very popular player and subtitles editor in Poland. It does not perform any boundary checks on supplied subtitles, which causes a buffer overrun and an access violation exception on a group of instructions. This can be exploited to overwrite a pointer to RtlEnterCriticalSection in the PEB structure of ntdll, resulting in an access violation when executing [42424242].
A SQL injection vulnerability exists in Apartment Search Script, which allows an attacker to execute arbitrary SQL commands via the 'r' parameter in listtest.php. An attacker can exploit this vulnerability to gain access to the admin panel by using the username and password exploit strings provided. The admin panel is located at /Site_Admin/.