Prestashop 1.7.7.0 is vulnerable to time-based blind SQL injection. The vulnerability exists in the 'id_product' parameter of the 'CommentGrade' controller of the 'productcomments' module. An attacker can exploit this vulnerability by sending a specially crafted payload to the vulnerable parameter. The payload used in this exploit is '1 AND (SELECT 3875 FROM (SELECT(SLEEP(5)))xoOt)'. This payload causes the server to sleep for 5 seconds, indicating successful exploitation of the vulnerability.
OpenCart CMS 3.0.3.6 and earlier versions are vulnerable to account takeover via CSRF, related to the endpoint /account/edit. Attackers can create accounts, intercept requests, create CSRF PoCs, and send them to victims. When victims open the PoCs, their account information is changed, and attackers can then access the account with the help of the forgot password feature.
A stored XSS vulnerability exists in WordPress Plugin Custom Global Variables 1.0.5, which allows an attacker to inject malicious JavaScript code into the 'name' field of the plugin. An attacker can exploit this vulnerability by entering a malicious JavaScript payload into the user input field, which is then stored in the database. When the same functionality is triggered again, the stored JavaScript payload is executed, resulting in a pop-up.
The PHP script does not restrict the 'tool_list' parameter to the proposed tools. It is possible to include other files by modifying the 'tool_list=' parameter. By modifying the parameter, it is possible to print the /etc/passwd file in the web page.
Exploitation of the vulnerability is shown below: 1-) Enter the admin panel ( vulnerableapplication.com/anchor/admin ). 2-) Click the "Create a new post" button in the Posts tab ( from "vulnerableapplication.com/anchor/admin/posts" to "vulnerableapplication.com/anchor/admin/posts/add" ). 3-) Enter the relevant payload (<script>prompt("RMG_XSS_PoC")</script>) defined above into the markdown parameter, then click the "save" button. 4-) Finally, return to the home page, where the triggered vulnerability is shown.
A user with access to "/autodiscover.php" can execute remote commands, obtain a reverse shell, and gain root on the targeted machine.
The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate Zip file, allowing high-privilege users to upload arbitrary files, such as PHP, leading to RCE.
This module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0 (also present in 1.11.1 and 1.11.2), allowing arbitrary file read with the web server's privileges.
Cockpit version 234 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF). An attacker can exploit this vulnerability to scan the internal or loopback interface of the server, and can also scan for open ports on the server. This vulnerability can be exploited without authentication.
When logged in, an attacker can inject malicious JavaScript code into the 'add payment' parameters, which will be executed when the user navigates to the payments page.