An attacker can exploit a SQL injection vulnerability in WordPress album PHOTO to gain access to the user login and password of the admin user. The exploit is achieved by sending a specially crafted HTTP request containing malicious SQL code to the vulnerable application. The malicious code is sent in the 'photo' parameter of the vulnerable page.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The crafted request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to access sensitive information from the database, modify or delete data, or even execute system commands.
An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
Simple CMS versions 1.0.3 and prior are vulnerable to remote SQL injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. This exploit uses a UNION SELECT statement to extract the information from the cpanel_authors table.
AuraCMS 1.62 is vulnerable to multiple remote SQL injection attacks due to the lack of input validation in the 'dl.php' and 'links.php' files. If the 'magic_quotes_gpc' setting is disabled on the server, an attacker can manipulate the SQL statement in the 'kid' variable. For example, an attacker can send a request to 'http://site.korban/auracms162/index.php?pilih=dl&mod=yes&aksi=lihat&kategori=&kid=-9'[SQLI] to exploit the vulnerability.
TRUC 0.11.0 is vulnerable to remote file disclosure. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. The request carries the name of the file to be disclosed in the 'upload_filename' parameter. An attacker can use this vulnerability to disclose sensitive information such as configuration files, source code, etc.
A SQL injection vulnerability exists in the Qur'an component for Mambo and Joomla. The vulnerability is due to insufficient sanitization of user-supplied input to the 'surano' parameter in the 'index.php' script when handling a 'viewayat' action. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to the affected application, disclose sensitive information, modify data, or exploit further vulnerabilities in the underlying database.
Simple Forum versions 1.10 and 1.11 are vulnerable to SQL injection. An attacker can exploit this vulnerability by appending malicious SQL to the vulnerable parameter in the URL, which is then sent to the database. For example, an attacker can supply &topic=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/* in the URL.
Simple Forum versions 2.0 and 2.1 are vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords.