Explore Vulnerabilities

Explore all Exploits:

PastelCMS 0.8.0 (LFI/SQL) Multiple Remote Vulnerabilities

PastelCMS 0.8.0 is vulnerable to Local File Inclusion and SQL Injection. The Local File Inclusion vulnerability can be exploited by sending a specially crafted HTTP request containing directory traversal characters. The SQL Injection vulnerability can be exploited to bypass authentication by sending a specially crafted HTTP request containing malicious SQL code.

Powered By eLitius 1.0 Remote Database Backup

eLitius 1.0 is prone to a remote vulnerability that allows attackers to download the database backup. This vulnerability is due to a lack of authentication in the 'database-backup.php' script. An attacker can exploit this issue to download the database backup without authentication.

e107 <= 0.7.15 "extended_user_fields" Blind SQL Injection Exploit

e107 contains one flaw that allows an attacker to carry out an SQL injection attack. The issue is due to the "usersettings.php" script not properly sanitizing user-supplied input to the hide[] key. This may allow an attacker to inject or manipulate SQL queries in the backend database if magic_quotes_gpc = off.

Simpoe Event Calendar Remote File Include Vulnerability

Simpoe Event Calendar is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Insecure cookie handling BLIND SQL INJECTION

WysGui CMS 1.2 BETA is vulnerable to Blind SQL Injection. The vulnerability is located in the 'cookie' parameter of the 'index.php' file. Remote attackers can inject their own SQL commands to compromise the web application. The injection point is the 'cookie' parameter and the execution point is in the 'index.php' file. Exploitation is possible without authentication. Successful exploitation of the vulnerability results in database management system compromise.
