Unauthenticated file upload is possible via /admin/candidates_add.php that can use for RCE. Your upload will be stored at /images/ and is also accessible without authentication.
This vulnerability could permit executing code during startup or reboot with the escalated privileges.
Sandboxie 5.49.7 is vulnerable to a denial of service attack when a specially crafted buffer of 5000 'A' characters is copied to the clipboard and pasted into the 'Set Container Folder' input field. This causes the application to crash.
You can simply bypass the /admin/login.php with the following sql injection. All you need is a bcrypt hash that is equal with your random password, the username should NOT match with an existing.
This vulnerability could permit executing code during startup or reboot with the escalated privileges.
The application suffers from an unquoted search path issue impacting the service 'EasyAntiCheat' for Windows deployed as part of Easy Anti-Cheat Service application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
A vulnerability in b2evolution 7-2-2 allows an attacker to inject SQL commands into the 'cf_name' parameter and obtain sensitive database information from the 'evo_users' and 'evo_blogs' tables.
WordPress Plugin 'wp-super-edit' allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. This vulnerability is caused by FCKeditor in this plugin. Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step. The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, client-side attacks, or simple defacement.
Schlix CMS 2.2.6-6 is vulnerable to Remote Code Execution. An authenticated user can exploit this vulnerability by creating a new category, downloading the 'mailchimp' extension from Github, editing the 'packageinfo.inc' file, pasting malicious PHP code, compressing the file to ZIP and renaming it 'combo_mailchimp-1_0_1', installing the package to the created category, entering the installed 'mailchimp' extension, clicking the 'About' tab and executing the malicious code.
Schlix CMS version 2.2.6-6 is vulnerable to a persistent cross-site scripting vulnerability. An authenticated user can inject malicious JavaScript code into the 'title' field of a contact category. This code will be executed when a user visits the page of the created category. The vulnerable code is located in the '/admin/app/contact' directory.
Services By CQR