Viavi Movie Review is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code, allowing for the manipulation or disclosure of arbitrary data. This can be exploited to bypass authentication and gain access to unauthorized data or to modify data in the back-end database.
Viavi Real Estate is prone to an SQL injection vulnerability. An attacker can exploit this issue by supplying malicious SQL statements to the vulnerable parameter. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Log in as a student user and inject malicious SQL code into the vulnerable parameters of the URL such as 'exam_edit.php?p_e_id=[SQL]', 'student_edit.php?s_id=[SQL]', 'edit_notice.php?n_id=[SQL]', etc.
WhizBiz Business Directory CMS v1.9 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'plainkey' parameter in the 'index.php/en/results' page. This can be exploited to bypass authentication and gain access to the application.
The web interface of Kodi loads a thumbnail of an image, video or add-on when selecting a category in the left menu with the following request. Insufficient validation of user input is performed on this URL, resulting in a local file inclusion vulnerability. This enables attackers to retrieve arbitrary files from the filesystem by changing the location after the '/image/image%3A%2F%2F' part.
The application suffers from a privilege escalation vulnerability. A normal user can elevate his/her privileges by sending an HTTP PATCH request setting the parameter 'Authority' to the integer value '1', gaining admin rights.
The application suffers from multiple stored XSS vulnerabilities. Input passed to several API POST parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
PHP code can be injected into pages via a WordPress REST API vulnerability. The PoC involves sending a POST request to the WordPress REST API with a malicious payload in the content field.
An attacker can exploit a SQL injection vulnerability in HotelCMS with Booking Engine to execute arbitrary SQL commands on the underlying database. This can be done by sending maliciously crafted requests to the vulnerable application using the 'locale' parameter. The attacker can use this vulnerability to gain unauthorized access to sensitive data stored in the database, such as user credentials, or to modify data.
The vulnerability exists due to insufficient filtration of user-supplied data in the 'keyword' parameter of the 'search' script. A remote attacker can send a specially crafted request with malicious SQL statements to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to manipulate SQL queries to view, add, modify and delete records in the back-end database.