Shop Kit Plus is prone to a local file-include vulnerability because it fails to adequately sanitize user-supplied data. An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.
An attacker can exploit these issues to steal cookie-based authentication credentials, upload an arbitrary PHP file, execute the file on the vulnerable computer in the context of the webserver process, retrieve arbitrary files from the vulnerable system in the context of the affected application, and delete arbitrary files on the server.
An attacker can steal authentication credentials, upload arbitrary PHP files, execute files on the vulnerable system, retrieve arbitrary files, and delete files on the server.
Pheap is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve and edit the contents of arbitrary files from the vulnerable system in the context of the affected application.
Attackers can exploit the local file-include vulnerability by using directory-traversal strings to execute local script code in the context of the application. Attackers can also exploit the arbitrary file-upload vulnerability to execute malicious PHP code in the context of the webserver process. Exploiting these issues may allow attackers to compromise the application and the underlying system or access sensitive information.
Pyrophobia is prone to multiple input-validation vulnerabilities, including multiple local file-include issues and multiple cross-site scripting issues. An attacker can exploit these issues to steal cookie-based authentication credentials, view files, and execute local scripts within the context of the affected webserver. Other attacks are also possible.
A local attacker may leverage this issue to gain access to potentially sensitive information about user permissions and accessed files. Information gained may aid in further attacks against the affected computer.
This vulnerability allows an attacker to disclose the source code of files in the cwmExplorer 1.0 application. The vulnerability exists in the show_file parameter, which is not properly sanitized before being used in a file inclusion operation. By manipulating the show_file parameter, an attacker can specify the path of any file on the server and view its source code.
The application fails to properly sanitize user-supplied input, leading to a remote file-include issue and two cross-site scripting vulnerabilities. An attacker can exploit these issues to execute arbitrary PHP code or steal authentication credentials.
Multiple input-validation vulnerabilities in Magic News Pro, namely (1) a remote file-include issue and (2) two cross-site scripting vulnerabilities, allow remote attackers to execute arbitrary PHP code in the context of the webserver process or to steal cookie-based authentication credentials.