The router suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the admin (root) user via the 'ping_server_ip' POST parameter. The router is also vulnerable to Heartbleed.
This exploit allows an authenticated user to execute arbitrary commands on a vulnerable TextPattern CMS 4.9.0-dev system. The exploit requires the user to have valid credentials for the system. The exploit uses the 'theplugin' parameter to upload a malicious PHP file which contains a form with a text field. The form is used to execute arbitrary commands on the system. The exploit was tested on Ubuntu 20.04.1.
This exploit uses SQL injection to bypass the admin login and create a new user. The new user creates a client with the shell payload and uploads the generic shellcode to the server. The shell is then called from the location.
The admin login of this app is vulnerable to a SQL injection login bypass. Anyone can bypass admin login authentication by sending a POST request with a username of 'test' and a password of ' or 'a'='a'
An authenticated user can upload a malicious file to the Church Management System 1.0, which can be used to execute arbitrary code on the server. To exploit this vulnerability, an attacker must first log in to any user account and change the profile picture. Then, the attacker can upload any PHP shell by altering its extension to .jpg or .png (e.g. test.php.jpg). Before uploading the file, the attacker must intercept the traffic using a proxy. In the intercepted request, the attacker can then change the test.php.jpg file name to test.php and click forward. Finally, the attacker can find the test.php file path and execute any command.
Online Birth Certificate System 1.1 is vulnerable to stored cross-site scripting (XSS) in the registration form because of insufficient validation of user-supplied data. To exploit the vulnerability, an attacker can enter a malicious payload in the first name field of the registration form and click register. After successful registration, the attacker can log in with the credentials and the XSS attack will be successful.
This exploit is used to bypass authentication and exploit a remote code execution vulnerability in Online Voting System 1.0. It uses SQL injection to find a valid admin user and then uses a malicious image file to exploit the remote code execution vulnerability.
OpenEMR < 5.0.2 is affected by an authenticated path traversal vulnerability which allows an attacker to read any file on the server. This vulnerability is due to the lack of proper input validation in the 'fileName' parameter of the 'ajax_download.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious 'fileName' parameter.
The plugin does not properly sanitise or validate its User Field Titles, allowing XSS payloads to be used in them. Furthermore, no CSRF or capability checks were in place, allowing such an attack to be performed either via CSRF or as any user (including unauthenticated).
An unauthenticated SQL injection vulnerability exists in Garbage Collection Management System 1.0. An attacker can send a specially crafted HTTP POST request to the login.php page with a malicious SQL payload in the username and password fields to execute arbitrary SQL commands on the underlying database.