
Explore Vulnerabilities


Explore all Exploits:

Invoice System 1.0 – ‘Multiple’ Stored Cross-Site Scripting (XSS)

Invoice System 1.0 is vulnerable to multiple stored cross-site scripting (XSS) issues in the Settings option because of insufficient validation of user-supplied data. When anyone visits any other option (Dashboard, Invoice, Category, Service, Product) or the Settings option itself, the stored payload executes there as well, and it executes again whenever anyone logs in as Admin.

Apache Tomcat 9.0.0.M1 – Cross-Site Scripting (XSS)

Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user-provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.

Zoo Management System 1.0 – ‘Multiple’ Stored Cross-Site-Scripting (XSS)

Zoo Management System 1.0 is vulnerable to multiple stored cross-site scripting (XSS) issues because of insufficient validation of user-supplied data. An attacker can exploit this vulnerability by entering malicious payloads in the Animal name, Breed, Description, Action, Title and Description fields of the application. The malicious payloads are stored in the application and executed when the application is accessed by an authenticated user.

WordPress Plugin SP Project & Document Manager 4.21 – Remote Code Execution (RCE) (Authenticated)

WordPress SP Project & Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files and attempts to prevent PHP and similar executable files from being uploaded by checking the file extension. PHP files can still be uploaded by changing the case of the file extension, for example, from php to pHP.

Online Covid Vaccination Scheduler System 1.0 – Arbitrary File Upload to Remote Code Execution (Unauthenticated)

The admin panel UI login can be accessed at http://{ip}/scheduler/admin/login.php. Because validation is implemented client-side within scripts, it is possible to bypass it and access the admin panel UI by making a request to "http://localhost/scheduler/admin/?page=user" and removing the JavaScript tag '<script>location.href="http://localhost/scheduler/admin/login.php"</script>' from the server response body. The admin panel has a profile photo upload function accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. The attacker then has to visit the uploaded profile photo to access the shell.

Employee Record Management System 1.2 – Stored Cross-Site Scripting (XSS)

Employee Record Management System 1.2 is vulnerable to stored cross-site scripting (XSS) in Edit My Education because of insufficient validation of user-supplied data. An attacker can exploit this vulnerability by entering malicious payloads in the Edit My Education and Edit My Exp fields and then clicking the Update button. This causes the malicious payload to be stored in the database and executed when the user visits the My Education page.

Exam Hall Management System 1.0 – Unrestricted File Upload + RCE (Unauthenticated)

This exploit allows an unauthenticated attacker to upload a malicious file to the Exam Hall Management System 1.0 web application and execute arbitrary code on the server. The vulnerability exists due to the lack of authentication and validation of the uploaded file. An attacker can exploit this vulnerability by uploading a malicious file containing arbitrary code to the web application. The malicious file can then be used to execute arbitrary code on the server.

WordPress Plugin Plainview Activity Monitor 20161228 – Remote Code Execution (RCE) (Authenticated) (2)

A vulnerability in the WordPress Plugin Plainview Activity Monitor 20161228 could allow an authenticated user to execute arbitrary code on the target system. The vulnerability exists due to improper input validation of the ‘ip’ parameter in the ‘admin.php?page=plainview_activity_monitor&tab=activity_tools’ page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable system. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.

Online Covid Vaccination Scheduler System 1.0 – ‘username’ time-based blind SQL Injection

The admin panel login can be accessed at http://{ip}/scheduler/admin/login.php. The username parameter is vulnerable to time-based SQL injection. After successfully dumping the admin password hash, we can decrypt it and obtain the plain-text password, and then authenticate as Administrator.

Recent Exploits: