Error occurred in lib.php, line 4/7: include ("$root/library/lib_nav.php"); include ("$root/library/lib_mods.php"); include ("$root/library/lib_admin.php"); include ("$root/library/lib_3rd.php"); variable $root not sanitized (declare). Proof of concept: http://example/[dp_path]/library/lib.php?root=[cmd_url]
The vulnerability exists due to insufficient sanitization of the 'ID' argument in engine/shards/blog.php before being used in a SQL query. This allows an attacker to inject arbitrary SQL code and extract data from the database.
Multiple vulnerabilities exist in Content-Builder (CMS) 0.7.5, which can be exploited by malicious people to conduct unauthorized activities. The vulnerabilities are caused by the use of user-supplied input in several scripts without proper sanitization. This can be exploited to execute arbitrary commands by e.g. passing malicious parameters to the vulnerable scripts. Successful exploitation requires that the attacker can access the vulnerable scripts directly.
Error occurred in spaw_control.class.php: include $spaw_root.'config/spaw_control.config.php'; include $spaw_root.'class/toolbars.class.php'; include $spaw_root.'class/lang.class.php'; variable $spaw_root not sanitized.
Parameter link in MaxiSepet <= 1.0 is not sanitized properly, allowing attackers to inject malicious SQL queries. An example of such a query is '-1 UNION SELECT concat('Üye%20adi:%20<b>',email,'</b><br>','Şifre:%20<b>',sifre,'</b>')+from+uye+ORDER BY email ASC'.
A remote file include vulnerability exists in QBoard (qb_path) version v.1.1. An attacker can exploit this vulnerability to include a malicious file from a remote server and execute arbitrary code on the vulnerable system.
In nav.php of WebprojectDB, the include statement is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The malicious URL contains the path of the malicious file which is to be included in the application. This malicious file can be used to execute arbitrary code on the vulnerable system.
phpOnDirectory is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. Successful exploits will result in the complete compromise of the affected application.
aePartner is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious file path in the 'dir[data]' parameter. This will allow the attacker to execute arbitrary code on the vulnerable system.
An integer overflow vulnerability exists in 0verkill 0.16, where an attacker can send a packet with fewer bytes than the expected 12 bytes, which will cause the game to crash.