Explore all Exploits:

Joomla Component com_facileforms Cross Site Scripting Vulnerabilities

com_facileforms is a vulnerable Joomla component that allows attackers to inject malicious JavaScript code into the vulnerable parameter Itemid. This code is then executed in the browser of the victim when they visit the vulnerable page, allowing the attacker to steal the administrator and user cookies, leading to a full compromise of the website.

com_jm-recommend Cross Site Scripting Vulnerabilities

Joomla Component com_jm-recommend is vulnerable to Cross Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the vulnerable parameter Itemid and execute it in the browser of an unsuspecting user. This can be used to steal user credentials or perform other malicious actions.

Joomla Component com_beeheard Blind SQL injection Vulnerability

A blind SQL injection vulnerability exists in the Joomla component com_beeheard. An attacker can exploit it to gain access to the admin login credentials by sending a maliciously crafted HTTP request to the vulnerable server. The request takes the form of a URL in which the ‘category_id’ parameter is set to ‘null’, followed by a ‘union’ statement that concatenates the username and password of the admin user. The server's response to this request will contain the username and password of the admin user.

com_webcamxp Cross Site Scripting Vulnerabilities

Joomla Component com_webcamxp is vulnerable to Cross Site Scripting. An attacker can exploit this vulnerability to steal administrator and user cookies. The vulnerability can be exploited by injecting malicious code in the URL parameter 'Itemid'. The malicious code can be executed when the URL is accessed by an authenticated user.

PHP upload - unijimpe Remote File Upload Vulnerability

A vulnerability in PHP upload - unijimpe allows an attacker to upload a malicious file to the server. The attacker can then access the file via a URL and execute arbitrary code on the server. The vulnerability is caused by a lack of input validation in the upload.php script, which allows an attacker to upload a malicious file with a .pbmp or .pjpeg extension.

XSS and SQL Injection Vulnerabilities

The vulnerable files are search.php, uploads.php, file.php, cut.php and upload.php. An attacker can inject malicious JavaScript code in the search.php and uploads.php files via the ‘key’ and ‘p’ parameters respectively. Similarly, an attacker can inject malicious SQL code in the file.php, cut.php and upload.php files via the ‘id’ parameter.

Smart PHP Uploader 1.0 Remote File Upload Vulnerability

A vulnerability exists in Smart PHP Uploader 1.0 which allows an attacker to upload a malicious file to the server. An attacker can exploit this vulnerability by sending a malicious file to the server via the phpuploader.php page. Once the file is uploaded, the attacker can access the file by visiting the URL http://server/path/yourshell.php.

Info Fisier 1.0 SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable parameter in the HTTP request. Examples of such requests are:

http://server/upload/file.php?id=-54/**/union/**/select/**/1,concat(version(),0x3e,user(),0x3e,database()),3,4,5,6,7,8,9,10,11--

http://server/file.php?id=-670/**/union/**/select/**/1,group_concat(admin,0x3e,pass),3,4,5,6,7,8,9,10,11/**/from+djsefu_useri--
