SEO Panel 4.8.0 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by changing the 'order_col' value to '*' and then using the sqlmap tool to execute arbitrary SQL commands on the underlying database.
rConfig, the open source network device configuration management tool, is vulnerable to Arbitrary File Upload to RCE in /lib/crud/vendors.crud.php with the parameter 'vendorLogo'. The following steps reproduce this vulnerability: log in to the rConfig application with your credentials, send a POST request to /lib/crud/vendors.crud.php, and access the uploaded file via the URL http://localhost/data/vendors/rce.php?cmd=whoami.
VestaCP 0.9.8 is vulnerable to stored XSS in the 'v_interface' parameter of the 'add/ip/' POST request. An attacker can inject malicious JavaScript code into the 'v_interface' parameter, which will be executed when the user visits the 'add/ip/' page.
This vulnerability could permit executing code during startup or reboot with escalated privileges.
In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a SQL Injection vulnerability via the event_id parameter. The vulnerability is found in the 'event_id' parameter in the GET request sent to the page requests.php. An attacker can exploit this vulnerability to access private data in the database system. Sqlmap command: sqlmap -r request.txt --risk 3 --level 5 --random-agent -p event_id --dbs Payload: f=search-my-followers&s=normal&filter=s4e&event_id=1') AND 5376=5376-- QYxF
The web application allows an unauthenticated file upload, which can result in Remote Code Execution. We combine this issue with an SQL injection to retrieve the randomised name of our uploaded PHP shell.
This module exploits an unauthenticated arbitrary file upload via an insecure POST request. It has been tested on version < 6.4.1 on Windows 10 Enterprise.
A remote attacker can create a user with the SuperAdmin profile by exploiting the vulnerability in Sonlogger Log and Report System - v4.2.3.3.
Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any 'Add' section, such as Add Card Building & Floor, or others, in the Name and Code parameters.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.