Explore Vulnerabilities

Explore all Exploits:

Sentrifugo Version 3.2 – ‘announcements’ Remote Code Execution (Authenticated)

Sentrifugo version 3.2 is vulnerable to authenticated remote code execution. An attacker can upload a malicious PHP file to the application and trigger it to get a reverse shell. The attacker needs to have valid credentials to exploit this vulnerability.

Sentrifugo 3.2 – ‘assets’ Remote Code Execution (Authenticated)

Sentrifugo 3.2 is vulnerable to authenticated remote code execution. An attacker can upload a malicious PHP file to the application and execute arbitrary code on the server. The attacker can use the credentials of a valid user to log in to the application and upload the malicious file. The malicious file can be triggered by accessing the URL of the uploaded file.

CMSUno 1.6.2 – ‘lang’ Remote Code Execution (Authenticated)

CMSUno 1.6.2 is vulnerable to remote code execution due to improper input validation of the 'lang' parameter. An authenticated attacker can exploit this vulnerability by sending a malicious payload to the vulnerable URL. This payload will be executed on the server, allowing the attacker to gain a reverse shell.

Amarok 2.8.0 – Denial-of-Service

A vulnerability in Amarok 2.8.0 allows an attacker to cause a denial-of-service condition by creating a specially crafted m3u file containing a large amount of data.

iDS6 DSSPro Digital Signage System 6.2 – Improper Access Control Privilege Escalation

The application suffers from a privilege escalation vulnerability. An authenticated user can elevate his/her privileges by calling JS functions from the console or by insecure direct object references to hidden functionalities that can result in creating users, modifying roles and permissions and full takeover of the application.

iDS6 DSSPro Digital Signage System 6.2 – CAPTCHA Security Bypass

The CAPTCHA function for DSSPro is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. By requesting the autoLoginVerifyCode object, an attacker can receive a JSON message code, successfully bypass the CAPTCHA-based authentication challenge, and perform brute-force attacks.

Student Attendance Management System 1.0 – ‘username’ SQL Injection / Remote Code Execution

An attacker can exploit a SQL injection vulnerability in the Student Attendance Management System 1.0 application to execute arbitrary code on the server. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'username' parameter of the 'ajax.php' script. An attacker can send a specially crafted request containing malicious SQL statements to the vulnerable script, which will be executed in the context of the application. This can be exploited to manipulate SQL queries to disclose sensitive information from the database, modify data, or execute arbitrary code on the server.

School Log Management System 1.0 – ‘username’ SQL Injection / Remote Code Execution

This exploit allows an attacker to gain access to the School Log Management System 1.0 by exploiting a SQL Injection vulnerability in the 'username' parameter. The attacker can then upload a malicious PHP reverse shell to the server and gain remote code execution.

PDW File Browser 1.3 – Remote Code Execution

The PDW File Browser is a plugin for the TinyMCE and CKEditor WYSIWYG editors. The PDW File Browser contains a critical software vulnerability which results in remote code execution on the web server. This vulnerability can be exploited by all authenticated users. Steps to RCE: Upload a .txt file containing your webshell code using the default file upload functionality within the PDW File Browser. Please note that all users (including unauthenticated users) are able to access your webshell later on. For security purposes I would recommend using weevely (https://github.com/epinna/weevely3) as this obfuscates and password-protects your webshell. Once you have uploaded your webshell with a .txt extension (WEBSHELL.txt) you are able to rename the file using the rename functionality of the PDW File Browser. Within this functionality it is possible to both change the file extension of your WEBSHELL from .txt to .php and move the file to an arbitrary location on the web server. The path to the arbitrary location should contain double encoded characters.

Recent Exploits: