ProMan is vulnerable to Remote File Inclusion (RFI) and Local File Inclusion (LFI) attacks. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'page' parameter of '_center.php' and 'userLang' parameter of 'elisttasks.php', 'managepmanagers.php', 'manageusers.php', 'helpfunc.php', 'managegroups.php', 'manageprocess.php', 'manageusersgroups.php' and other files. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system.
A vulnerability exists in phpRAINCHECK version 1.0.1 and earlier which allows an attacker to inject arbitrary SQL commands. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'id' parameter in the 'print_raincheck.php' script.
phpCDB version 1.0 and below is vulnerable to a Local File Include vulnerability. This vulnerability allows an attacker to include a file from the local system or a remote system. The vulnerable parameters are lang_global in the following files: firstvisit.php, newfolder.php, showfolders.php, newlang.php, showinnerfolder.php, writecode.php, and showcode.php. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious file path in the lang_global parameter.
Project Man version 1.0 and below is vulnerable to an authentication bypass vulnerability due to a SQL injection. An attacker can exploit this vulnerability by entering a malicious username and password into the login form. The malicious username and password can be ' or '1=1, which will bypass the authentication process and allow the attacker to gain access to the application.
This exploit allows an attacker to gain access to the admin credentials of Gravity Board X 2.0 BETA (Public Release 3) by exploiting a SQL Injection vulnerability. The exploit requires Magic_quotes to be set to Off. The exploit code is written in Perl and it takes the host and path as arguments. It then sends a request to the host with the vulnerable parameter and extracts the admin credentials from the response.
The vulnerability exists in the 'news.php' page of the website, which is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a malicious payload in the 'id' parameter of the URL, which will allow the attacker to execute arbitrary SQL queries on the database. The malicious payload can be used to extract the username and password of the users from the database.
FileExecutive is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious HTML page that, when visited by an authenticated user, can add an admin user to the application. The malicious page contains a form that submits to the add_user.php script, which is responsible for adding new users. The form contains fields for username, password, name, root directory, max upload size, group, email, active, and admin. The form is pre-filled with values that will add an admin user.
Input passed via the 's' parameter to download.php is not properly sanitised before being used in a SQL query.
This exploit allows an attacker to inject malicious SQL commands into a vulnerable Joomla website using the com_joomlaconnect_be component. The exploit uses a blind injection technique to extract the username and password of the administrator account from the database.
The vulnerability exists in the Softbiz Recipes Portal Script, which allows an attacker to inject malicious SQL queries via the 'sbcat_id' parameter in the 'showcats.php' script. This can be exploited to gain access to the admin panel by concatenating the username and password from the 'sblnk_admin' table.
Services By CQR