GOautodial 4.0 is vulnerable to an authenticated shell upload vulnerability. An attacker can log in as an agent, write a new message to user goadmin with a random subject and text, attach a webshell to the message, and access the shell at https://www.foo.com/uploads/year/month/shellname.php. This allows the attacker to gain privileged access to the system.
An authentication bypass vulnerability exists in School Faculty Scheduling System 1.0. By sending a malicious request with payload jyot' or 1=1# in user and password field, an attacker can bypass authentication and gain access to the admin panel.
A stored cross-site scripting vulnerability exists in the School Faculty Scheduling System 1.0, which allows an attacker to inject malicious JavaScript code into the application. This code is then executed in the browser of any user who visits the Course List section. The malicious code is injected via the Course and Description fields when creating a new course.
This exploit allow you to download any readable file from server with out permission and login session. Payload: https://hrsale/download?type=files&filename=../../../../../../../../etc/passwd POC: 1. Access to HRsale application and browse to download path with payload 2. Get /etc/passwd file
A SQL injection vulnerability was discovered in the WordPress Rest Google Maps Plugin. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the vulnerable system. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'rest_route' parameter of the 'index.php' script. An attacker can send a specially crafted HTTP request containing malicious SQL commands to the vulnerable script and execute arbitrary SQL commands on the underlying database.
The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with 'action:' or 'redirect:', followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within forms.
A SQL injection vulnerability exists in Mobile Shop System v1.0, which allows an attacker to bypass authentication by injecting a malicious SQL payload (test' or 1=1 -- -) in the email field and any password in the password field. This can be exploited by sending a malicious HTTP POST request to the vulnerable application.
RiteCMS 2.2.1 is vulnerable to authenticated remote code execution. An attacker can exploit this vulnerability by sending a maliciously crafted POST request to the vulnerable application. This will allow the attacker to execute arbitrary code on the server.
User Registration & Login and User Management System With admin panel 2.1 application from PHPgurukul is vulnerable to Persistent XSS via the fname, lname, email, and contact field name when user register on the site then admin viewing user list on manage user page triggering the payload.
An authenticated user can bypass the uploader of the plugin and upload arbitrary files because the extension of the uploaded file is checked on the client side.
Services By CQR