Input var id_job is vulnerable to SQL Code Injection, allowing attackers to execute arbitrary SQL queries.
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The attacker can inject malicious SQL code in the 'id' parameter of the 'viewjokes.php' script. This can be used to bypass authentication, access, modify and delete data in the back-end database.
A SQL injection vulnerability was discovered in Saman Portal, which allows an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'pageid' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. This can allow the attacker to gain access to sensitive information stored in the database, modify data, execute administration operations on the database, and compromise the system.
A remote code execution vulnerability exists in Maian Greetings v2.1. An attacker can exploit this vulnerability by creating an account on the vulnerable application, uploading a malicious file, and accessing it via the ‘images/uploads/user1_1264680573.php.gif’ URL. This will allow the attacker to execute arbitrary code on the vulnerable system.
The vulnerability exists in the Creative SplashWorks-SplashSite script, which allows an attacker to inject malicious SQL queries into the application. The attacker can use the 'pg' parameter in the page.php file to inject malicious SQL queries. For example, the attacker can use the 'pg=18+and+1=1' and 'pg=18+and+1=2' queries to check if the application is vulnerable to SQL injection. The attacker can also use the 'pg=18+and+substring(@@version,1,1)=5' and 'pg=18+and+substring(@@version,1,1)=4' queries to check the version of the database.
An attacker can exploit a SQL injection vulnerability in the crownweb page.cfm script to gain access to the webadmin and Plesk control panel credentials. The attacker can use the Dork “Powered By CrownWeb.net!” inurl:”page.cfm” to find vulnerable websites. The attacker can then use the SQL injection payloads www.Localhost.com/page.cfm?id=null+and+100=99+union+select+1,2,3,4,concat(name,0x3a,password),6+from+author and www.Localhost.com/page.cfm?id=null+and+100=99+union+select+1,2,3,4,concat(ftpserver,0x3a,domainname,0x3a,ftpusername,0x3a,ftppassword),6+from+webdata to gain access to the webadmin and Plesk control panel credentials respectively.
Admin’s Custom Field page is not properly protected from standard users (Default User, role of Project Worker), which can be used with finding 2. Cross Site Scripting (XSS) via HTML Tag Options field for Custom Fields within all categories (Companies, Projects, Tasks, Calendar). Companies is vulnerable to multiple XSS attacks in the following fields: Company Name, Address1, Address2, URL, and Description. Projects is vulnerable to multiple XSS attacks, but it is only when viewing that specific project’s details. Tasks is vulnerable to XSS via the Task Name field but no other fields. Files has multiple XSS issues. Folder Name is vulnerable to XSS and File Descrption is vulnerable to XSS.
An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable page.php file. The vulnerable parameter is ‘aid’ which can be manipulated to inject malicious SQL queries. For example, an attacker can send the following request to the vulnerable page.php file: http://server/page.php?id=21&aid=-12'union+select+1,version(),3,4,5,6,7,8-- -&s=3
Arbitrary File Upload: An attacker can upload arbitrary files to the vulnerable server by exploiting the upload.asp script. Database Disclosure: An attacker can access the eweb editor database by exploiting the eweb editor.mdb script. Administrator Bypass: An attacker can bypass the administrator authentication by using the login.asp script. Directory Traversal: An attacker can traverse the directory structure of the vulnerable server by exploiting the upload.asp and browse.asp scripts.
Joomla Component com_simplefaq is vulnerable to Blind SQL Injection. An attacker can inject malicious SQL queries in the 'catid' parameter of the 'index.php' page. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can be used to access or modify data in the back-end database.
Services By CQR