A SQL injection vulnerability exists in LIOOSYS CMS, which could allow an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'news.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation could result in unauthorized access to sensitive information or allow an attacker to modify data in the database.
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
A vulnerability exists in PageDirector CMS due to improper sanitization of user-supplied input in the 'catid' and 'sub_catid' parameters of the 'result.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database, allowing for the manipulation or disclosure of arbitrary data.
This exploit allows an attacker to add an admin account to the Allomani Super Multimedia v2.5 application by using a Cross-Site Request Forgery (CSRF) attack. The attacker can craft a malicious HTML page containing a form with hidden fields that will be automatically submitted when the page is loaded. The form contains the parameters necessary to add an admin account to the application.
This exploit allows an attacker to add an admin account to the Allomani E-Store v1.0 application. The attacker can craft a malicious HTML page containing a form with hidden fields that will automatically submit the form to the vulnerable application. The form contains the parameters necessary to add an admin account, such as username, password, email, and group_id. When a user visits the malicious page, the form will be automatically submitted and the attacker will have an admin account in the application.
A vulnerability exists in YPNinc PHP Realty Script, which allows an attacker to inject arbitrary SQL commands via the docID parameter in dpage.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the docID parameter, resulting in the manipulation of the underlying database. This can be used to gain access to sensitive information such as usernames and passwords.
A vulnerability exists in YPNinc JokeScript, which allows an attacker to inject arbitrary SQL commands via the ypncat_id parameter. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary commands.
PHPDirector 0.30 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by appending malicious SQL queries to the vulnerable parameter 'id' in the 'videos.php' page. An attacker can use the 'union' operator to retrieve data from the database. An example of such an attack is 'http://www.site.com/videos.php?id=-56+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--'
The vulnerability exists because the 'index.php' script fails to properly sanitize user-supplied input in the 'show' variable. An attacker can alter queries to the application's SQL database, execute arbitrary queries against the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database. An attacker can use a browser to exploit this vulnerability.
The log viewer facility in dotDefender does not properly HTML-encode user-supplied input. This leads to a cross-site scripting vulnerability when the log viewer displays HTTP headers. An attacker can use curl and insert headers containing HTML tags using the --header switch. When the administrator views the log viewer page, his/her web browser will execute the attacker's JavaScript.