picKLE is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
Simple one-file gallery is prone to multiple input-validation vulnerabilities, including a local file-include issue and a cross-site scripting issue. An attacker can exploit these issues to steal cookie-based authentication credentials and to view and execute arbitrary local files within the context of the affected webserver. Other attacks are also possible.
The Simple one-file gallery is prone to multiple input-validation vulnerabilities, including a local file-include issue and a cross-site scripting issue. An attacker can exploit these issues to steal cookie-based authentication credentials and to view and execute arbitrary local files within the context of the affected webserver. Other attacks are also possible.
The xt:Commerce e-commerce platform is prone to a local file-include vulnerability due to improper sanitization of user-supplied input. This vulnerability allows an unauthorized user to view files and execute local scripts by manipulating the 'template' parameter in a specific URL.
Shop Kit Plus is prone to a local file-include vulnerability because it fails to adequately sanitize user-supplied data. An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.
An attacker can exploit these issues to steal cookie-based authentication credentials, upload an arbitrary PHP file, execute the file on the vulnerable computer in the context of the webserver process, retrieve arbitrary files from the vulnerable system in the context of the affected application, and delete arbitrary files on the server.
An attacker can steal authentication credentials, upload arbitrary PHP files, execute files on the vulnerable system, retrieve arbitrary files, and delete files on the server.
Pheap is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve and edit the contents of arbitrary files from the vulnerable system in the context of the affected application.
Attackers can exploit the local file-include vulnerability by using directory-traversal strings to execute local script code in the context of the application. Attackers can also exploit the arbitrary file-upload vulnerability to execute malicious PHP code in the context of the webserver process. Exploiting these issues may allow attackers to compromise the application and the underlying system or access sensitive information.
Pyrophobia is prone to multiple input-validation vulnerabilities, including multiple local file-include issues and multiple cross-site scripting issues. An attacker can exploit these issues to steal cookie-based authentication credentials, view files, and execute local scripts within the context of the affected webserver. Other attacks are also possible.
Services By CQR