Yacht Listing Script v2.0 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries into the vulnerable parameters of the front.php page, such as min_year, max_year, min_loa, max_loa, min_length, max_length, min_beam, and max_beam, in order to gain access to the underlying database.
An attacker can exploit a SQL injection vulnerability in Travel Tours Script v2.0 by sending malicious SQL queries to the application. This can be done by manipulating the 'sortby', 'type', 'rating_from', 'rating_to', 'price_from' and 'price_to' parameters in the 'front.php' script.
An attacker can exploit a SQL injection vulnerability in Property Listing Script v3.1 to gain unauthorized access to the application. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'controller', 'action', 'listing_search', 'min_bedrooms', 'max_bedrooms', 'min_bathrooms', and 'max_bathrooms' parameters of the 'preview.php' script. An attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the application's database. This may allow the attacker to access or modify sensitive data in the back-end database.
An attacker can exploit a SQL injection vulnerability in Pet Listing Script v3.0 to gain unauthorized access to the application. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'year_from' and 'year_to' parameters of the 'preview.php' script. An attacker can send malicious SQL queries to the application, allowing them to bypass authentication and gain access to sensitive data.
An attacker can exploit a SQL injection vulnerability in Vanelo – Wanelo Clone to gain unauthorized access to the application. By manipulating the 'q' parameter, an attacker can inject malicious SQL queries into the application and gain access to the database.
A vulnerability in Global In allows an attacker to upload arbitrary files to the server. This can be exploited by an attacker to gain access to the server and execute malicious code. The vulnerability exists in the 'post-images' directory, which allows an attacker to upload a malicious file such as File.php and execute it on the server.
SQL Injection vulnerability exists in Global In – A LinkedIn Clone, which allows an attacker to inject malicious SQL queries to the application. By exploiting this vulnerability, an attacker can gain access to sensitive information such as usernames, passwords, emails, IP addresses, etc. from the database.
An SQL injection vulnerability exists in the Domain Marketplace Script, allowing an attacker to execute arbitrary SQL commands on the underlying database. This can be exploited to gain access to sensitive information such as user credentials, payment information, etc.
e107 contains one flaw that allows an attacker to carry out an SQL injection attack. The issue is due to the "e107_plugins/pm/pm.php" script not properly sanitizing user-supplied input to the "keyword" POST variable. This may allow an attacker to inject or manipulate SQL queries in the backend database regardless of php.ini settings.
Lack of CSRF protection in the Add User functionality of the XTMv management portal can be leveraged to create arbitrary administrator-level accounts.