An attacker can exploit a SQL injection vulnerability in Flippy AffilatePlatform – ThisIsWhyImBroke Clone Script v4.0 to gain access to sensitive information such as usernames and passwords. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'listing.php' script. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information.
Log in as a regular user and access http://localhost/[PATH]/getsitedetails.php?action=editsite&siteid=[SQL] to exploit the vulnerability.
An authenticated user can inject malicious SQL queries into the 'siteid' parameter of the 'getsitedetails.php' script, allowing them to access or modify sensitive data in the back-end database.
Multiple SQL injection and cross-site scripting (XSS) vulnerabilities have been discovered in Itech Job Portal Script version 9.13. An attacker can exploit these vulnerabilities to inject malicious SQL commands and execute malicious scripts in the browser of an unsuspecting user.
AlstraSoft Template Seller Pro v3.25e Script is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'tempid' parameter of the 'buy.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script.
AlstraSoft Forum Pay Per Post Exchange v2.01 Script is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'catid' parameter in the 'index.php' script. This can be exploited to gain access to sensitive information from the database.
This exploit allows an attacker to add an administrator to the AlstraSoft FMyLife Pro v1.02 Script by sending a malicious request to the vulnerable application. The malicious request contains a specially crafted form with hidden fields that can be used to add an administrator to the application.
A Cross-Site Request Forgery (CSRF) vulnerability exists in AlstraSoft Flippa Clone MarketPlace v4.10 Script, which allows an attacker to add an admin user via a crafted HTML page. The attacker can craft a malicious HTML page that contains a form with the action set to the vulnerable URL and the parameters set to the desired values. When the victim visits the malicious page, the form is automatically submitted and the attacker can add an admin user.
AlstraSoft Video Share Enterprise v4.72 is vulnerable to SQL Injection. Attackers can exploit this vulnerability by sending malicious SQL queries to the vulnerable web application. This can be done by manipulating the 'UID', 'URLKEY', and 'GID' parameters in the 'album.php', 'uprofile.php', 'gmembers.php', and 'channel_detail.php' scripts.
The vulnerability exists in the 'mode=forums&act=viewcat&seid' and 'mode=forums&act=viewforum&cats' parameters of the index.php script, which allows an attacker to inject arbitrary SQL commands and gain access to the application.