The vulnerability exists due to insufficient validation of the "id" HTTP POST parameter passed to the "/index.php" script. A remote authenticated attacker can execute arbitrary SQL commands in the application's database.
The vulnerability exists due to insufficient sanitisation of user-supplied data passed via the 'website' HTTP POST parameter to the '/?option=com_komento' URL. A remote attacker can submit a comment with a specially crafted 'Website' field and execute arbitrary HTML and script code in the browser, in the context of the vulnerable website, when a user clicks on the nickname of the malicious author.
The PHP library pChart 2.1.3 (and possibly previous versions) contains an examples folder by default, where the application is vulnerable to Directory Traversal and Cross-Site Scripting (XSS). It is plausible that custom-built production code contains similar problems if the usage of the library was copied from the examples. The exploit author engaged the vendor before publicly disclosing the vulnerability, and consequently the vendor released an official fix before the vulnerability was published.
The vulnerability is caused by a boundary error in the processing of a project file, which can be exploited to cause a Unicode buffer overflow when a user opens e.g. a specially crafted .EBP file. Successful exploitation could allow execution of arbitrary code on the affected machine.
The Adult Webmaster PHP application is vulnerable to an administrative credential disclosure vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to view the contents of the userpwdadfasdfre.txt file, which contains the administrative credentials in plaintext.
Cells Blog 3.3 is vulnerable to Cross-site Scripting (XSS) and Blind SQLite Injection. The XSS vulnerability exists in the 'msg' parameter of the 'errmsg.php' script, while the Blind SQLite Injection vulnerability exists in the 'pcid' parameter of the 'user.php' script.
This exploit is a time-based blind SQL injection on POST requests using Burp. The PoC for this exploit is a POST request with a malicious user_name parameter.
A SQL injection vulnerability exists in mySeatXT 0.2134. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability to manipulate or disclose sensitive information in the back-end database.
A SQL Injection vulnerability exists in the PizzaInn_Project web application. An attacker can send a maliciously crafted HTTP request to the vulnerable application, which can allow the attacker to execute arbitrary SQL commands on the underlying database. The vulnerable code is located in the reserve-exec.php file, where the application is not properly sanitizing user-supplied input before using it in an SQL query.
A SQL injection vulnerability exists in Simple e-document v1.31, which allows an attacker to bypass authentication by sending a specially crafted username parameter. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted username parameter containing malicious SQL code. This will cause the application to execute the malicious code, allowing the attacker to bypass authentication.