An SQL injection vulnerability exists in Joomla! Component Recipe Manager v2.2. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the affected parameter. The vulnerability is confirmed in version 2.2. Other versions may also be affected.
An attacker can exploit a SQL injection vulnerability in Joomla! Component Guesser v1.0.4 to gain access to the database. The attacker can send a malicious SQL query to the vulnerable parameter 'type' in the 'guessers' script. This can be done by appending the malicious SQL query to the vulnerable parameter in the following format: http://localhost/[PATH]/guessers?type=[SQL]. The malicious SQL query can be used to extract information from the database, such as usernames and passwords.
An attacker can exploit a SQL injection vulnerability in Joomla! Component StreetGuessr Game v1.0 to execute arbitrary SQL commands by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. The attacker can use the 'Procedure Analyse' and 'extractvalue' functions to extract the version of the database server.
A SQL injection vulnerability exists in Joomla! Component Abstract v2.1. The vulnerable parameters are 'option' and 'view' in the URL. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL queries to the vulnerable application, allowing them to bypass authentication and gain access to unauthorized data.
An SQL injection vulnerability exists in the Php Classified OLX Clone Script, which allows an attacker to extract sensitive information from the database. The vulnerability is triggered when an attacker sends a specially crafted SQL query to the vulnerable parameter 'search_key' in the 'search' page. This allows the attacker to extract information such as usernames, passwords, full names, and emails from the database.
Meme Maker Script 2.1 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can be done by sending a specially crafted URL to the application. For example, http://localhost/[PATH]/profil.php?user=[SQL] -2'+/*!50000union*/+select+1,2,3,4,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),6,7-- -
A SQL injection vulnerability exists in Rage Faces Script v1.3. An attacker can exploit this vulnerability to inject malicious SQL queries into the application, allowing them to gain access to sensitive information stored in the database. The vulnerability is due to insufficient input validation in the application. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL code to the vulnerable application.
SchoolDir is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'searchItem' and 'School_type' parameters in the 'search' and 'sortsearch' scripts, respectively. This can be exploited to read, modify or delete data from the database.
The File Manager WordPress Plugin is vulnerable to Cross-Site Request Forgery. An attacker can, for example, upload arbitrary PHP files to the server. The target parameter holds a Base64-encoded destination path. Using the proof of concept request below, a file named info.php is uploaded to the /wp-content/uploads/file-manager/ directory.
The Global Content Blocks WordPress Plugin is vulnerable to Cross-Site Request Forgery. Among other things, this issue can be used to update a content block, overwriting it with arbitrary PHP code. Visiting a page or blog post that uses this content block will cause the attacker's PHP code to be executed.