Explore Vulnerabilities

Explore all Exploits:

Multiple Vulnerabilities in xbtitFM 4.1.18

The unauthenticated SQL Injection and path traversal vulnerabilities in xbtitFM 4.1.18 and prior versions can be exploited without user interaction. An insecure file upload vulnerability requires enabling the file_hosting feature, which can be achieved by accessing an administrator account. These vulnerabilities can allow an attacker to extract database names, user information, and password hashes. Automated tools like sqlmap can be used to exploit these vulnerabilities and dump the database.

Ray OS v2.6.3 – Command Injection RCE (Unauthorized)

The Ray Project dashboard in versions <= 2.6.3 is vulnerable to command injection due to a lack of validation of the `format` parameter. This vulnerability allows an attacker to execute arbitrary commands in the system shell. If the system is configured for passwordless sudo, the attacker can gain a root shell; otherwise, a user-level shell can be obtained.

Quick.CMS 6.7 SQL Injection Login Bypass

The exploit allows an attacker to bypass authentication in Quick.CMS 6.7 by using a specific SQL injection payload. By entering the payload `' or '1'='1` in the email field and proceeding with the login, the attacker can successfully bypass the authentication and gain unauthorized access to the admin panel.

Winter CMS 1.2.2 – Server-Side Template Injection (SSTI) (Authenticated)

Winter CMS version 1.2.2 is vulnerable to Server-Side Template Injection (SSTI) when an authenticated user injects malicious payloads via the CMS Pages field. This allows an attacker to execute arbitrary code and potentially take control of the server.

TYPO3 11.5.24 Path Traversal Vulnerability (Authenticated)

TYPO3 11.5.24 has a path traversal vulnerability in the filelist component. Attackers with access to the administrator panel can exploit this vulnerability to read arbitrary files by using directory traversal via the baseuri field. An authenticated attacker can manipulate the base URI by sending a crafted POST request to /typo3/record/edit with specific parameters, ultimately allowing them to access sensitive files on the server.

WinRAR version 6.22 Vulnerability CVE-2023-38831

The exploit involves creating a malicious zip file using the WinRAR software. By crafting a specially designed zip file, an attacker can execute arbitrary code on the target system, potentially leading to remote code execution. This vulnerability has been assigned CVE-2023-38831.

Axigen < 10.5.7 - Persistent Cross-Site Scripting

The parameter `serverName_input` in Axigen version 10.5.7 and older is vulnerable to stored cross-site scripting (XSS) attacks. This vulnerability arises due to the lack of proper input sanitization, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary code on the victim's browser, impacting authenticated administrators and potentially enabling further attacks on higher privileged accounts.

Computer Laboratory Management System v1.0 – Multiple-SQL Injection

The 'id' parameter of Computer Laboratory Management System v1.0 is prone to SQL injection attacks. By injecting a payload that includes a sub-query to MySQL's load_file function with a UNC file path pointing to an external domain, an attacker can execute malicious SQL queries and retrieve sensitive information from the system.

KiTTY 0.76.1.13 – ‘Start Duplicated Session Hostname’ Buffer Overflow

KiTTY version 0.76.1.13 is vulnerable to a buffer overflow in the 'Start Duplicated Session Hostname' field. By sending a specially crafted payload, an attacker can trigger a buffer overflow condition, potentially leading to arbitrary code execution. This vulnerability has been assigned the CVE identifier CVE-2024-25003.

Online Hotel Booking In PHP 1.0 – Blind SQL Injection (Unauthenticated)

The Online Hotel Booking system in PHP version 1.0 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to extract sensitive information from the database without authentication. This exploit has not been assigned a CVE yet.
