
Explore Vulnerabilities


Explore all Exploits:

Path Traversal Vulnerability in PHP

Via this bug, an attacker can save a file in a path that open_basedir does not allow. Reproduction code is provided that takes two parameters, 'p' and 'v', where 'p' is the path in which the attacker wants to save the file and 'v' is the text to be written to it. When the code is run, a file is created at the attacker-specified path with the attacker-specified contents.

BPHolidayLettings SQL Blind Vulnerabilities

BPHolidayLettings is vulnerable to SQL injection. An attacker can inject malicious SQL queries into the application and execute them in the backend database. This can lead to unauthorized access to sensitive data, such as user credentials, and other confidential information.

Joomla Component groupjive 1.8 B4 RFI Vulnerability

A vulnerability exists in Joomla Component groupjive 1.8 B4, which allows a remote attacker to include a file from a remote host via the 'absolute_path' parameter in the 'helpers.php' script. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.

Achievo 1.3.4 (debugger.php) Remote File Include Vulnerability

Achievo 1.3.4 is vulnerable to a Remote File Include vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the config_atkroot parameter of the debugger.php script. This can allow an attacker to execute arbitrary code on the vulnerable system.

BPGames 1.0 blind SQL Injection Exploit

A blind SQL injection vulnerability exists in BPGames 1.0. An attacker can exploit it by sending malicious SQL queries to the vulnerable application through the 'cat_id' and 'game_id' parameters in the 'main.php' and 'game.php' files respectively.

BPStudent 1.0 blind SQL Vulnerabilities

BPStudent 1.0 is vulnerable to Blind SQL Injection. This vulnerability allows an attacker to execute arbitrary SQL queries on the vulnerable application. This can be exploited to gain access to the database and the underlying system. The vulnerability is located in the 'id' parameter of the 'index.php' script. An attacker can inject arbitrary SQL code in the 'id' parameter value to execute arbitrary SQL queries.

BPMusic 1.0 blind SQL Vulnerabilities

BPMusic 1.0 is vulnerable to Blind SQL Injection. This vulnerability can be exploited by remote attackers to gain access to the database and execute arbitrary queries. The vulnerability is located in the 'id' parameter of the 'index.php' file. Remote attackers can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the back-end database.

HB cms SQL Injection Vulnerability

HB cms is vulnerable to SQL injection. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'article_id' parameter of the 'update_article_hits.php' script. An attacker can exploit it by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script, gaining access to the database and extracting sensitive information.

BPLawyerCaseDocument 1.0 MSSQL Vulnerabilities

BPLawyerCaseDocument 1.0 is vulnerable to SQL injection. This can be exploited to gain access to the database. The vulnerability is located in the "CaseID" parameter in the "CaseDetails.aspx" page. Input passed to the "CaseID" parameter is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires authentication. This vulnerability is confirmed in version 1.0. Other versions may also be affected.

Joomla Component com_facebook SQL injection vulnerability

A SQL injection vulnerability exists in Joomla Component com_facebook, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in an 'index.php?option=com_facebook&view=student' request. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames and passwords.

Recent Exploits: