The audit_list in /show.php is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious SQL code. This can be done by appending the malicious code to the 'show' parameter in the URL. For example, http://server/path_to_webapp/show.php?show=-1%20union%20select%201,username,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,user(),database(),31,32%20from%20adminlogin--+
PHP NEWS version 1.3.0 is vulnerable to a CSRF attack (no CSRF token is in place), meaning that if an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), a form will be submitted to http://sitename/path/index.php that changes the admin password. Once exploited, the attacker can log in to the admin panel using the username and the password he posted in the form.
The audit_list in shop/product-details.php does not use the PHP function intval, which allows an attacker to inject malicious SQL code into the query. An example exploitation is http://server/shop/product-details.php?prodid=-80%27%20union%20select%201,2,concat(username,0x3a,password),4,version(),user()%20from%20user--+
Multiple vulnerabilities exist in PHP Image Database, including Reflected XSS, Stored XSS, and CSRF. Reflected XSS can be exploited by sending a maliciously crafted URL to a victim, which will execute arbitrary JavaScript code when the URL is visited. Stored XSS can be exploited by sending a maliciously crafted URL to a victim, which will execute arbitrary JavaScript code when the URL is visited. CSRF can be exploited by sending a maliciously crafted URL to a victim, which will execute arbitrary JavaScript code when the URL is visited.
There was an anti-CSRF token when adding a post in Subrion CMS v4.0.5, carried in the parameter '__st', but it can be bypassed if we enter the same number of characters in the CSRF token (e.g. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX). With the CSRF protection bypassed, if we craft a malicious HTML web page and trick the admin/victim into visiting it, a blog post will be created with a tag like this: '</title><script>alert(document.domain);</script>' and the XSS can then be executed here: http://localhost/[SubrionPATH]/tag/title-script-alert-document-domain-script/
The PHP Telephone Directory is vulnerable to Reflected XSS and Stored XSS. In the public search, an attacker can inject malicious code into the 'key' parameter. In the administration web interface, an attacker can inject malicious code into the 'key' parameter. In the administration web directory interface, an attacker can inject malicious code into the 'pointcode', 'contacttitle', 'firstname', 'lastname', 'middlename', 'employeeID', 'otherID', 'phonenumber1', 'internalphonenumber', 'phonenumber2', 'phonenumber3', 'fax', 'mobilecell', 'email', 'alternateemail', 'chat', 'website', 'socialmedia1', 'socialmedia2', 'socialmedia3', 'contactposition', 'company', 'qualifications', 'buildingroom', 'address', 'city', 'suite', 'state', 'zip', 'country', 'notes', 'contacttype', 'contactstatus', 'contactgroup', 'contactgroup2', 'contactgroup3', 'contactgroup4', and 'contactgroup5' parameters.
Spy Emergency installs two services with an unquoted service path. To properly exploit this vulnerability, the local attacker must insert an executable file in the path of the service. Upon service restart or system reboot, the malicious code will be run with elevated privileges.
This vulnerability was discovered when the audit_list in /admin/dd.php was found to be vulnerable to SQL injection. An example exploitation is http://server/path_to_webapp/admin/dd.php?q=-1%27%20union%20select%201,version()--+ which can be used to extract information from the database. The vulnerability can be fixed by using the PHP function intval.
The audit_list in /page.php contains a vulnerability to SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the web application. This can be done by appending a malicious SQL query to the 'prodid' parameter in the URL. This can allow an attacker to gain access to the database and potentially execute arbitrary code.
This vulnerability allows an attacker to inject malicious SQL queries into the vulnerable web application. The vulnerable code is located in the /admin/print_employed.php and /admin/index.php files. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable web application. The malicious HTTP request contains a malicious SQL query which is injected into the vulnerable web application.