The exploit allows remote attackers to execute arbitrary code on a target system by uploading a malicious PHP file. This vulnerability affects WordPress Seotheme. CVE details are not available.
Lot Reservation Management System allows unauthenticated users to upload files, leading to remote code execution. This could potentially result in unauthorized access to the system and sensitive information.
The R Radio FM Transmitter version 1.07 is vulnerable to an improper access control issue that allows unauthenticated users to access the system.cgi endpoint and reveal the plaintext password of the admin user, facilitating authentication bypass and unauthorized access to FM station setup.
GoAhead Web Server version 2.5 is vulnerable to multiple HTML injection flaws because it lacks proper input validation. Exploiting this vulnerability allows an attacker to have malicious HTML rendered in the context of the affected site.
The Online Shopping System Advanced version 1.0 is vulnerable to SQL injection due to improper filtering of user-provided input in the 'cm' parameter. An attacker can inject malicious SQL statements through the 'cm' parameter, leading to unauthorized access to the database and exposure of sensitive information like user credentials.
The 'searchtitle' parameter in 101 News-1.0 is vulnerable to SQL injection attacks. By injecting a SQL sub-query payload that calls MySQL's load_file function with a UNC file path referencing an external domain, an attacker can execute malicious SQL queries. The application interacts with the external domain, confirming the successful execution of the injected SQL query.
An incorrect access control vulnerability exists in WyreStorm Apollo VX20 devices before version 1.3.58. Remote attackers can exploit this issue by sending a specific HTTP GET request to reboot the device.
The exploit script allows an attacker to perform an XSS attack that leads to remote code execution on WonderCMS version 4.3.2. By injecting a malicious script through a crafted link, the attacker can execute arbitrary commands on the server.
DataCube3 version 1.0 allows attackers to perform remote code execution through an unrestricted file upload vulnerability. By exploiting this flaw, an attacker could upload malicious files to the server, leading to the execution of arbitrary code. The assigned identifiers are CVE-2024-25830 and CVE-2024-25832.
Boss Mini version 1.4.0 is vulnerable to local file inclusion due to improper input validation. An attacker can exploit this vulnerability to read arbitrary files on the system. The vulnerability has been assigned CVE-2023-3643.