An unauthenticated attacker can inject malicious SQL queries into the vulnerable web application. This can be exploited to gain access to sensitive information stored in the database, such as user credentials, or to modify the data stored in the database.
Naukri Clone Script v3.02 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'type' parameter in the 'placement.php' script. This can be exploited to gain access to sensitive information from the database.
An SQL injection vulnerability exists in Groupon Clone Script v3.01. An attacker can send a specially crafted SQL query to the vulnerable parameter 'catid' in the 'product-show.php' script to execute arbitrary SQL commands in the application's database. This can be exploited to disclose sensitive information such as usernames and passwords from the 'admin' table.
A vulnerability exists in Redbus Clone Script v3.05 which allows an attacker to inject malicious SQL queries via the 'hid_Busid' parameter in the 'available_seat.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
An attacker can exploit a SQL injection vulnerability in Online Cinema and Event Booking Script v2.01 to gain access to the user credentials stored in the database. By sending a specially crafted SQL query, an attacker can extract the user_name and password from the users table.
An attacker can exploit a SQL injection vulnerability in Responsive Events & Movie Ticket Booking Script to gain access to sensitive information stored in the database. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'news_desc.php' script. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to access sensitive information such as usernames and passwords stored in the database.
An attacker can exploit a SQL injection vulnerability in Single Theater Booking Script to extract sensitive information from the database. The vulnerable parameter is ‘newsid’ in the ‘news_desc.php’ script. An attacker can use the ‘/*!50000union*/+select+1’ payload to enumerate the database columns and ‘/*!13337union*/+select+1’ payload to extract sensitive information from the database.
A SQL injection vulnerability exists in Entrepreneur Bus Booking Script v3.03, which allows an attacker to execute arbitrary SQL commands via the 'hid_Busid' parameter in the 'available_seat.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'hid_Busid' parameter value.
Multiple parameters in the available_seat.php and seatcheck.php scripts are vulnerable to SQL injection, allowing an attacker to execute arbitrary SQL commands on the underlying database.
A buffer overflow vulnerability exists in FTPShell Client 6.53 when making an initial connection. An attacker can send a specially crafted request containing an overly long string to the FTP server, which can cause a stack-based buffer overflow and allow the attacker to execute arbitrary code on the vulnerable system.