Bigware Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Ignite Solutions CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
AdaptCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.
TinyCMS is prone to multiple local file-include vulnerabilities and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.
VoipNow Professional is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
WHMCS is prone to a cross-site scripting vulnerability and multiple HTML-parameter-pollution vulnerabilities because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, control how the page is rendered to the user, and override existing hard-coded HTTP parameters which compromises the application.
Yamamah Photo Gallery is prone to an information-disclosure vulnerability. An attacker can exploit this issue to download the database that contain sensitive information. Information harvested may aid in launching further attacks.
Nilehoster Topics Viewer is prone to multiple SQL-injection vulnerabilities and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. By using directory-traversal strings to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks.
Small-Cms is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying computer; other attacks are also possible.
Services By CQR