TerraMaster TOS is vulnerable to unauthenticated remote code execution. An attacker can exploit this vulnerability by sending a malicious payload to the makecvs.php endpoint. This payload will create a PHP shell on the server which can be used to execute arbitrary commands.
A stored XSS vulnerability exists in the Faculty Evaluation System 1.0 application. An attacker can exploit this vulnerability by logging in to the application with admin credentials, clicking on Questionnaires, then clicking 'Action' for any Academic Year and then clicking manage. The attacker can then input a malicious script in the 'Question' field of the Question form and click 'Save'. This will trigger the stored XSS payloads. Whenever the attacker clicks on Questionnaires, clicks action for any academic year, and then manage, the XSS payloads will be triggered for that 'Academic Year'.
Artworks Gallery Management System 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can lead to information disclosure and other malicious activities. The vulnerable parameter is 'id' which can be exploited using SQLMap.
This module exploits an unauthenticated directory traversal vulnerability in WordPress plugin 'W3 Total Cache' version 0.9.2.6-0.9.3, allowing arbitrary file read with the web server privileges.
A stored cross-site scripting vulnerability exists in Multi Branch School Management System 3.5. An attacker can exploit this vulnerability by inserting malicious payloads into the 'Branch Name', 'School Name', 'Mobile No.', 'Currency', 'Symbol', 'City' and 'State' fields when creating a new branch. When the victim views the page, the malicious payload will be executed.
Log in as Admin, select 'Book' from the menu, select 'Categories' from the submenu, then click 'Add Category'. Insert the payload '><img src onerror=alert(1)> in 'Category Name'. Click 'Save', go to 'Category' and look at the last entry; an alert box will appear there.
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in the pubid parameter of bookPerPub.php. Successful exploitation of this vulnerability allows an attacker to dump the entire database the web application is running on.
A blind SQL injection vulnerability exists in the 'Network Scan' functionality of Pandora FMS. The vulnerable parameter is 'network_csv'.
Victor CMS 1.0 is vulnerable to a file upload vulnerability which allows an attacker to upload a malicious PHP file and execute arbitrary code on the server. An attacker can register on the website, log in as a user, go to the profile page, upload a malicious PHP file, update the user and then access the file in the img folder. The attacker can then execute arbitrary code on the server by accessing the file with a command parameter.
This exploit is for CVE-2020-6519, a use-after-free vulnerability in the JavaScript engine of Microsoft Edge. The exploit involves spraying the heap with objects, and then using a relative read/write primitive to gain arbitrary read/write capabilities. This allows the attacker to read and write arbitrary memory locations, which can be used to gain code execution.