An attacker can exploit a SQL injection vulnerability in CodePaul ClipMass - Video Portal Site by sending malicious SQL queries to the search parameter of the application. This can be exploited to bypass authentication, access, modify and delete data in the back-end database.
A SQL injection vulnerability exists in Uploadr - Project Files Management, which allows an attacker to inject malicious SQL queries via the 'keyword' and 'file' parameters in the 'search' and 'download' scripts. Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information stored in the database.
Log in as a sales man user and send a malicious request to the editwatch.php page with a SQL injection payload to extract the username and password of the users.
Automated Job Portal Script is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames, passwords, emails, etc. from the database. The vulnerable parameters are 'id', 'keyword', and 'co' in the jobdetail.php, search.php, and search.php files respectively. The exploit code is '-999'+union+all+select+1,2,3,4,concat_ws(0x3c62723e,id,0x3c62723e,username,0x3c62723e,password,0x3c62723e,email),6,7,8,9,10,11,0x496873616e2053656e63616e202d207777772e696873616e2e6e6574,13,14,15,16,17,18,19,20,21,22,@@version,24,25,26,27,28+from+admin-- -
QWIKIA is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'q' parameter in the 'search' page. This can be exploited to bypass authentication, access, modify and delete data in the back-end database.
A SQL injection vulnerability exists in Multilanguage Estate Agency Pro 1.2, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'property_show.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'id' parameter value.
This module exploits a vulnerability found in HP Smart Storage Administrator. By supplying a specially crafted HTTP request, it is possible to control the 'command' variable in the function isDirectFileAccess (found in ipcelmclient.php), which is then used in a proc_open() call. Versions prior to HP SSA 2.60.18.0 are vulnerable.
An attacker can exploit a SQL injection vulnerability in Zigaform - PHP Form Builder - Contact & Survey v2.9.1 by sending a specially crafted URL to the vulnerable application. The URL contains a malicious SQL query which can be used to extract sensitive information from the database.
Takas Classified – Codeigniter PHP Classified Ad Script v1.1 is vulnerable to SQL injection. An attacker can inject malicious SQL queries via the 'subcatid', 'catid', 'locid', 'areaid', 'type', and 'post' parameters in the 'index.php/classified_ads/ads/' URL.
A vulnerability in Collabo - TeamBusiness Collaboration Network allows an authenticated user to download arbitrary files from the server by manipulating the file_id and file_name parameters in the download.php script.