SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
Blogman v0.7.1 is vulnerable to SQL injection in the profile.php page. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious payload to the vulnerable page. The payload allows the attacker to extract the username and password of the user with the specified UserID.
GaleriaSHQIP is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'album_id' parameter in the 'index.php' script.
The Raster Twain Object Library suffers from a buffer overflow vulnerability because it fails to check the boundary of the user input.
An authentication bypass vulnerability exists in Shop Creator 4.0 due to improper validation of user-supplied input. An attacker can exploit this vulnerability to bypass authentication and gain access to the admin page. To exploit this vulnerability, an attacker can use the username 'pouya' and the password ' or '.
iGaming CMS is a content management system designed for gaming websites.
This exploit allows an attacker to add an admin account to the Pc4Uploader software. The attacker can set the username, password, and email address of the new admin account. The attacker can also set the permissions of the new admin account, such as setting the account to have full access to the software.
This exploit deletes the default Update Server and allows an attacker to gain root access to the system.
Esvon Classifieds (pdo.inc.php) and (class.phpmailer.php) are vulnerable to Remote Command Execution and Remote File Inclusion. An attacker can exploit this vulnerability by sending a maliciously crafted URL to the vulnerable server. The URL should contain the malicious code in the 'sql' parameter for Remote Command Execution and the 'lang_path' parameter for Remote File Inclusion.
Pecio is a content management system written in PHP, intended to be a small, simple and lightweight CMS for people who want to create websites including old-style information and a new-style blog part. It has multiple remote file inclusion vulnerabilities, which allow an attacker to include a remote file on the web server. This can be exploited to execute arbitrary PHP code by including a malicious file from a remote location.