An attacker can exploit a SQL injection vulnerability in Point of Sales - Multi Outlets POS v3.1 Script by sending malicious SQL queries to the application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials and other sensitive data.
Muviko Video CMS Script is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames, passwords, and other data stored in the database. The vulnerable parameters are 'search.php?q' and 'category.php?id'. An attacker can inject malicious SQL queries into these parameters to gain access to the database.
Responsive FileManager is a PHP-based file manager that makes use of AJAX technology. It has various useful features, one of which is copying/cutting and pasting files. However, the copy/cut feature does not sanitize the name of the file to be copied/cut. It is therefore possible for attackers to copy/cut any file, including PHP files, and paste it over existing image files. The attackers could then download the overwritten image files to read the content of the copied/cut files. Moreover, the cut feature can also cause the original files to be deleted.
A vulnerability in Easy File Uploader Script v1.2 allows an attacker to download arbitrary files from the server. This is due to the download.php script not properly validating the id parameter, allowing an attacker to download any file from the server.
A vulnerability in FTP Made Easy PRO Script v1.2 allows an attacker to download arbitrary files from the server by manipulating the 'id' parameter in the 'download.php' script.
Easy Web Search is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials, or to modify the data stored in the database.
The vulnerability exists in the faq.php, support.php and blog.php files of Easy Support Tools - FAQs, Help Articles, Blog and Feedback Script v1.0, which allows an attacker to inject malicious SQL commands via the 'stt' parameter. An attacker can use the '1+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -' payload to extract the version of the database.
An attacker can exploit a SQL injection vulnerability in the MySQL Blob Uploader - File Upload to Database PHP Script v1.0 to gain access to the database. The vulnerability exists in the download.php file, which allows an attacker to inject malicious SQL code into the 'id' parameter and thereby view, modify, or delete data.
An attacker can exploit a SQL injection vulnerability in NewsBee - Fully Featured News CMS Script v1.0 by sending malicious SQL queries to the vulnerable web application. This can be done by sending a specially crafted HTTP request to the vulnerable web application. The attacker can use the 'video.php?id=' parameter to inject malicious SQL queries. Other files may also have vulnerabilities.
It is possible to run OpenVPN as SYSTEM with a custom openvpn.conf. Using --up cmd, we can execute any command.