PG Auto Pro is prone to an SQL injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these issues to manipulate SQL queries, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker can also exploit this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site.
eLMS Pro is prone to multiple SQL injection and XSS vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit these issues to manipulate SQL queries, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. XSS vulnerabilities occur when user-supplied data is included in dynamic content without proper validation or escaping. An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site.
HauntmAx CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
GREEZLE is an easy-to-use site for selling real estate objects online. Visitors are able to browse, search and view properties. It allows you to create agent accounts, who can also sell real estate objects for a fee you charge. The provided script has an SQL injection vulnerability in the admin login page. Use the string a' or '1'='1 for User name and Password to gain access.
A vulnerability in Image Store V 1.0 allows an attacker to upload a malicious file to the server. The attacker can use Live HTTP Headers to change the Content-Type from application/octet-stream to image/jpeg, allowing the malicious file to be uploaded. The malicious file can then be accessed at http://www.site.com/imagestore/images/06-08-2010_shell.php
A SQL injection vulnerability exists in phplist version 2.8.11. An attacker can exploit this vulnerability to gain access to sensitive information such as version, database, and user information by sending a specially crafted HTTP request to the vulnerable application.
An attacker can inject malicious SQL queries into the vulnerable web application by manipulating the 'q' parameter of the 'celeron.php' script. For example, an attacker can send the following request to the vulnerable application: http://[site]/celeron.php?q=-4+union+select+1,2,concat%28username,0x3e,pass%29+from+admin--
A vulnerability has been found in Phreebooks v2.0 which allows malicious people to access local files by entering special characters in variables used to create file paths. The attackers use “../” sequences to move up to the root directory, thus permitting navigation through the file system.
A vulnerability has been found in Phreebooks v2.0 which allows malicious people to include local files by entering special characters in variables used to create file paths. The attackers use “../” sequences to move up to the root directory, thus permitting navigation through the file system. The files are included into the scripts and their contents are executed by the server.
Multiple permanent Cross-site Scripting vulnerabilities were found in Phreebooks v2.0, because the application fails to sanitize user-supplied input. The vulnerability can be triggered by any logged-in user who is able to add or modify Vendors, Customers, Employees or Inventory items.