Light Blog has multiple vulnerabilities, including lack of authentication for creating new posts, XSS, and deletion of blog.php. These vulnerabilities can be exploited to create new posts, deface the blog, and delete blog.php.
A remote file include vulnerability exists in MiniBILL v2006-10-10 due to improper validation of user-supplied input. An attacker can exploit this vulnerability to include arbitrary remote files, resulting in arbitrary code execution on the vulnerable system.
A Remote File Inclusion (RFI) vulnerability exists in the ask_rave script. An attacker can exploit this vulnerability to include a remote file containing malicious code and execute it on the vulnerable system.
The Multi-Page Comment System (MPCS) is vulnerable to Remote File Inclusion (RFI). An attacker can exploit this vulnerability by sending a malicious URL in the 'path' parameter of the 'include.php' and 'functions.php' scripts. This will allow the attacker to execute arbitrary code on the vulnerable system.
A remote file include vulnerability exists in class_admin.php and class_comments.php of Comment IT. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing a URL in the PathToComment parameter. This can allow the attacker to include a remote file containing arbitrary code, resulting in arbitrary code execution.
Imageview 5 is vulnerable to remote code execution. The exploit works if uploading is enabled for any album. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious cookie containing PHP code. The code will be executed on the server.
Input passed to the "txpcfg['txpath']" parameter in publish.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
Input passed to the "page" parameter in index.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
Discuz! 5.0.0 GBK is vulnerable to SQL injection, which allows an attacker to gain access to the admin credentials. The exploit sends a GET request to the target server with the path to Discuz! and then sends a POST request to the admin/index.php page with the formhash and admin credentials. If the exploit succeeds, the attacker will be able to gain access to the admin credentials.
Berty Forum <= 1.4 (index.php) is vulnerable to blind SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials and other confidential data.