A stored Cross-Site Scripting (XSS) vulnerability exists in WordPress Plugin Easy Contact Form 1.1.7. An attacker can inject a malicious JavaScript payload into the 'Email Header' field, which is stored and reflected in the response. This can be exploited to execute arbitrary JavaScript code in the context of the affected website.
PHP-Fusion version 9.03.90 is vulnerable to a CSRF attack that leads to deletion of shoutbox messages by the attacker on behalf of the logged-in victim. Because the requests for deleting the admin shoutbox are sent using the GET method, the CSRF attack to delete an attacker-controlled shoutbox message can be performed by having the admin visit https://TARGET.com/infusions/shoutbox_panel/shoutbox_archive.php?s_action=delete&shout_id=1 directly, once the attacker knows the shout_id of the message, which is sequential.
A vulnerability in Laravel 8.4.2 allows an attacker to execute arbitrary code on the server by exploiting the debug mode. The vulnerability is caused by the lack of input validation in the debug mode, which allows an attacker to inject malicious code into the application. The attacker can then use the debug mode to execute the code on the server. The vulnerability can be exploited by sending a specially crafted request to the application.
Online Shopping Cart System 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the database through the 'id' parameter of the 'cart_remove.php' page. The attacker can use the sqlmap tool to exploit this vulnerability.
Nagios XI 5.7.X is vulnerable to a Remote Code Execution vulnerability. An authenticated user can upload a malicious payload to the server and execute it. This exploit was discovered by Haboob Team and is tracked by CVE-2020-35578.
This exploit allows an attacker to bypass the authentication of the Online Hotel Reservation System 1.0 by sending a specially crafted HTTP POST request to the login.php page. The request contains an email parameter with a value of 'admin' or 1=1 -- -ac1d, which bypasses the authentication check and allows the attacker to gain access to the admin panel.
Erlang allows distributed Erlang instances to connect and remotely execute commands. Nodes are permitted to connect to each other if they share an authentication cookie; this cookie is commonly called '.erlang.cookie'. An attacker can use a specially crafted payload to send a command to the target system and execute it remotely.
A low-grade user such as ViewOnly can create an account with SuperUser permission. Steps to reproduce: 1. Create a user with ViewOnly. 2. Visit https://demo.localhost.com/#/CampaignManager/users. 3. You will now be able to create an account with SuperUser.
Due to unsanitized user input, the attacker can retrieve the entire SQL database in this case. 'person.php' takes user input through the search bar at line 45 ($_POST['search']) and uses it without any sanitization in the following SQL statement (lines 46-49):

    $sql = "SELECT * FROM tblpeople WHERE FNAME LIKE '%" . $search . "%'";
    $mydb->setQuery($sql);
    $cur = $mydb->executeQuery();
    $numrows = $mydb->num_rows($cur); // get the number of rows

A single quote (') in the search bar at http://localhost/CemeteryMapping/index.php?q=person results in SQL syntax errors.

Proof of Concept: Because the PHP code does not sanitize the user input, multiple SQL injection queries can be found.

1. Boolean-based SQL injection: send a POST request to the page /CemeteryMapping/index.php?q=person and use as payload ' or 1=1 --

    search=' or 1=1 --

2. Union-based SQL injection: to retrieve sensitive files like /etc/passwd, use the following payload in the search bar (POST request to http://localhost/CemeteryMapping/index.php?q=person):

    search=' UNION SELECT NULL,load_file('/etc/passwd'),NULL,NULL,NULL,NULL,NULL-- -

If you want to enumerate the target system further, replace 'load_file('/etc/passwd')' with one of the following MySQL commands:

    @@hostname
    @@version
    @@datadir
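
The 'person.php' query described above, next to a bound-parameter version, as an added example that is not the application's own code. It assumes PDO with an in-memory SQLite table as a stand-in for the app's $mydb MySQL wrapper; the function names, the '!' escape character and the sample rows are constructed for illustration.

```php
<?php
// Added example with constructed data; PDO + in-memory SQLite stands in
// for the application's MySQL wrapper ($mydb on the page).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tblpeople (ID INTEGER PRIMARY KEY, FNAME TEXT)");
$pdo->exec("INSERT INTO tblpeople (FNAME) VALUES ('Alice'), ('Bob'), ('Carol')");

// Vulnerable form, as on the page: input is concatenated into the statement,
// so a quote in $search ends the string literal and the rest is parsed as SQL.
function searchConcatenated(PDO $pdo, string $search): int
{
    $sql = "SELECT * FROM tblpeople WHERE FNAME LIKE '%" . $search . "%'";
    return count($pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

// Hardened form: the SQL text is fixed and the input is bound as data.
function searchBound(PDO $pdo, string $search): int
{
    // Escape LIKE metacharacters so '%' and '_' in the input match literally.
    // '!' is the escape character (escaped first so it cannot be doubled up).
    $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $search);
    $stmt = $pdo->prepare(
        "SELECT * FROM tblpeople WHERE FNAME LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => '%' . $literal . '%']);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC));
}

// A normal search, the boolean payload quoted on the page, and a bare wildcard.
$inputs = ["ali", "' or 1=1 --", "%"];
foreach ($inputs as $input) {
    printf(
        "%-16s concatenated=%d bound=%d\n",
        json_encode($input),
        searchConcatenated($pdo, $input),
        searchBound($pdo, $input)
    );
}
```

With the concatenated query, the page's boolean payload and the bare wildcard both return every row; with the bound query they are compared as literal text and match nothing, while the ordinary search behaves the same in both.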
Gila CMS version 2.0.0 and below is vulnerable to Remote Code Execution. An unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious User-Agent header. The malicious payload will be executed on the server and the attacker can gain access to the server.