Simple CRM suffers from SQL injection vulnerability, allowing an un-authenticated attackers to login into CRM admin panel.
Online Library Management System 1.0 is vulnerable to Arbitrary File Upload Remote Code Execution. An attacker can exploit this vulnerability by sending a maliciously crafted request to the target server. The attacker can then execute arbitrary code on the target server by uploading a malicious file. The attacker can also gain access to the target server by exploiting this vulnerability.
Online Library Management System 1.0 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'Search' parameter in the 'index.php' page. This can be exploited to bypass authentication, access, modify and delete data in the back-end database.
A vulnerability has been discovered in the wpdevart wordpress plugin 'Poll, Survey, Questionnaire and Voting system' version 1.5.0 and 1.5.2. It is possible to perform a blind SQL injection on the date_answers[] parameter when casting a vote. This can be used to dump the back end database. Version 1.5.2 requires the changing of headers using an appropriate method for spoofing an IP address, such as X-Forwarded-For.
A stored cross-site scripting (XSS) vulnerability exists in WordPress Plugin WP Google Maps 8.1.11. An attacker can inject malicious JavaScript code into the Map Name field when editing a map, which will be triggered when viewing the Map List. This could allow the attacker to steal cookies and hijack user sessions.
Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR) vulnerability. By modifying the id parameter in the URL, an attacker can view user details, address, payments, phone number, and email of other users.
This exploit allows an unauthenticated attacker to gain remote code execution on a vulnerable Responsive Tourism Website 3.1. The attacker can bypass the login page by using a SQL injection payload and then upload a malicious PHP shell to the server. The attacker can then access the shell via the URL and execute arbitrary commands on the server.
Simple CRM suffers from Cross-site scripting, allowing authenticated attackers to obtain administrator cookies. An attacker can exploit this vulnerability by sending a malicious payload in the 'name' parameter of the profile.php page. The payload is then stored in the database and is executed when the page is loaded.
Simple CRM suffers from Cross-site request forgery, which the attacker can manipulate user data via triggering user to visit suspicious url. The vulnerable page is /crm/profile.php. The proof of concept code includes an HTML form with hidden inputs for name, alt_email, phone, gender, address, and update, which when submitted, will update the user information.
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
Services By CQR