An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of the database and/or expose sensitive information. Malicious users may inject SQL querys into a vulnerable application to fool a user in order to gather data from them or see sensible information.
Interactivefx.ie CMS is vulnerable to SQL Injection. An attacker can exploit this vulnerability to bypass authentication in the admin panel by using the login 'or 1=1/*' and any password. Additionally, an attacker can exploit this vulnerability to extract sensitive information from the database by using the URL http://server/event-details.php?id=223'+select+username,password+from+users/*
This exploit takes advantage of the fact too many characters get mangled, as a result a shell can be obtained in a more straight forward way. It is based on the Zip file format and uses a payload of 'A' characters to overflow the buffer.
The script is affected by Permanent XSS vulnerability, so you can put in bad java script code <script>alert('put this script in title')</script> <meta http-equiv='Refresh' content='0;URL=http://db-exploit.com'> 1st register, Go to Blogs page, Create New Post, Inject your java script into Title Box, You must go back to Main page to see this XSS effect.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'software_id' of the 'com_software' component. This can allow the attacker to gain access to the database and execute arbitrary SQL queries.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'cid' of the 'com_wallpapers' component. This can be done by appending a malicious SQL query to the vulnerable parameter, for example: http://127.0.0.1/index.php?option=com_wallpapers&act=albums&cid=-1+UNION+SELECT+1--
New CMS is vulnerable to Local File Inclusion (LFI) vulnerability. An attacker can exploit this vulnerability to include local files on the server and execute arbitrary code. The vulnerable parameter is 'pg' which is not properly sanitized before being used in the include() function.
E-php CMS is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
CMS By SoftnSolv (index.php) is vulnerable to SQL Injection. An attacker can inject malicious SQL code into the 'es_id', 'cid' and 'es_id' parameters of the index.php file to gain access to the database.
Easy-Clanpage is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information. This exploit is possible by sending a specially crafted HTTP request to the vulnerable application. The exploit code is written in Python and can be used to extract the password of a user from the database.
Services By CQR