The vulnerability is found on the user settings page, where the user can change his name and his login credentials. It's possible to inject HTML/JS into the fields, which will be executed after pressing submit.
This exploit allows an unauthenticated attacker to upload a malicious PHP shell to the Internship Portal Management System 1.0. The attacker can then execute arbitrary code on the vulnerable system by accessing the uploaded shell.
An unauthenticated attacker can remotely enumerate the existence of different usernames in her victim's GitLab CE instance by leveraging its sign_up page. The attacker can send a request to the sign_up page with a username and check the response status code to determine if the username exists or not.
This exploit allows an attacker to inject malicious SQL code into the 'language' parameter of the Piwigo 11.3.0 web application. By exploiting this vulnerability, an attacker can gain access to the application's database and potentially execute arbitrary code.
If we try to log in as a voter, catch the login request in Burp, and pass it to sqlmap, we can put our payload in the voter parameter. The vulnerable code is located in the login.php file, and the vulnerable parameter is the voter parameter, which is passed as unsanitized input.
This exploit takes advantage of the GNU Wget < 1.18 vulnerability to upload a file to the FTP server and execute it remotely. The exploit works by creating an HTTP server and sending a 301 redirect to the FTP server with the file to be uploaded. The FTP server then uploads the file to the /home/ directory.
Emoji for NodeBB, which is installed by default, contains an arbitrary file write vulnerability due to insecurely handled user-controlled input. This exploit requires administrative access to the NodeBB instance in order to access the emoji upload API.
FOGProject 1.5.9 is vulnerable to a remote code execution vulnerability. An attacker can create an empty 10Mb file, add their PHP code to the end of the file, make the file accessible through HTTP, encode the URL to get the file to base64, visit the vulnerable page, change the Kernel Name to myshell.php and click on Install, and then visit the malicious URL to execute arbitrary code.
Cacti 1.2.12 is vulnerable to a SQL injection vulnerability in the 'filter' parameter of the graph_view.php page. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system. This vulnerability was discovered by @M4yFly and is tracked as CVE-2020-14295.
This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL connection errors.