Simple Document Management System is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. For version 2.0, an attacker can exploit the vulnerability by sending a crafted HTTP request with a malicious 'folder_id' parameter to the '/list.php' script. For version 1.1.5, an attacker can exploit the vulnerability by sending a crafted HTTP request with a malicious 'user' and 'password' parameter to the '/login.php' script.
The JCal Pro Calendar component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Organizer plugin for WordPress is prone to multiple security vulnerabilities, including cross-site scripting, information-disclosure, and directory-traversal. Attackers may leverage these issues to steal cookie-based authentication credentials, execute arbitrary script code in the browser, or disclose sensitive information; other attacks are also possible. Organizer 1.2.1 is vulnerable; other versions may also be affected.
The hwdVideoShare component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Simple Forum PHP is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
ADICO is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Zingiri Web Shop plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Edimax IC-3030iWn is prone to an information-disclosure vulnerability. Successful exploits will allow a remote attacker to gain access to sensitive information. Information obtained will aid in further attacks. The exploit is written in Python and can be used to automate the browser launch and gain access to the web admin page.
MediaWiki is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Invit0r plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Services By CQR