x10 Media Adult Script 1.7 is vulnerable to multiple remote vulnerabilities such as SQL Injection, Blind SQL Injection and XSS. An attacker can exploit these vulnerabilities to gain access to sensitive information stored in the database, execute arbitrary SQL commands, and inject malicious scripts into the web page.
Miniweb 2.0 Module Survey Pro is vulnerable to Blind SQL Injection and XSS. An attacker can exploit this vulnerability by sending a malicious payload in the 'campaign_id' parameter of the 'index.php' page. For Blind SQL Injection, the attacker can send a payload like '1 and 1=2' to check if the query is true or false. For XSS, the attacker can send a malicious payload like '<script>alert(document.cookie)</script>' to execute the script in the victim's browser.
Miniweb 2.0 Module Publisher is vulnerable to Blind SQL Injection and XSS. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable parameter 'historymonth' in the URL. For Blind SQL Injection, the attacker can send a payload like 'historyyear=2009&historymonth=[BLIND]' and for XSS, the attacker can send a payload like 'historyyear=2009&historymonth=<script>alert('XSS')</script>'
A vulnerability in simplePHPWeb 0.2 allows an attacker to bypass authentication and access the admin panel without any login credentials. This is achieved by accessing the files.php page in the admin directory.
A vulnerability exists in SimpleLoginSys v0.5, which allows an attacker to bypass authentication by setting the username to [REAL_NICKNAME] ' or ' 1=1 and any password. This is due to the application not properly sanitizing user input.
A vulnerability in TT Web Site Manager 0.5 allows an attacker to bypass authentication by entering 'admin' as the username and 'or 1=1' as the password.
The vulnerability exists due to insufficient validation of user-supplied input in the 'file' parameter of the 'download.php' script. This can be exploited to download arbitrary files from the web server via a specially crafted HTTP request.
Netpet CMS 1.9 is vulnerable to a local file inclusion vulnerability due to insufficient sanitization of user-supplied input to the 'language' parameter in the 'confirm.php' script. An attacker can exploit this vulnerability to include arbitrary files from the web server, potentially leading to the execution of arbitrary code.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'offset' parameter of 'pda_projects.php' script. A remote attacker can send a specially crafted HTTP request with arbitrary file inclusion in the 'offset' parameter and execute arbitrary PHP code on the vulnerable system.
An attacker can use a SQL injection vulnerability to bypass authentication and gain access to the admin panel of a website. The attacker can use the username [real_admin_name] ' or ' 1=1 and the password cicklow to gain access. The attacker can also use the username admin or any other user to gain access.
Services By CQR