The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the POST request to /admin/ajax.php?action=login to bypass authentication, extract sensitive information, etc.
A vulnerability in Hotel Management System 1.0 allows an authenticated user to execute arbitrary code on the server. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'name' and 'price' parameters of the 'ajax.php?action=save_category' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious code in the 'name' and 'price' parameters. Successful exploitation of this vulnerability can result in arbitrary code execution on the server.
Seat Reservation System version 1.0 suffers from an unauthenticated file upload vulnerability that allows remote attackers to gain remote code execution (RCE) on the hosting web server by uploading PHP files.
If a user is logged in as an admin, they can go to the crontab, select shell script, paste reverse shell code, click the execute button, and gain root privileges, because crontab.py runs with root privileges.
Restaurant Reservation System 1.0 allows SQL injection via the 'date' parameter in includes/reservation.inc.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
An authentication bypass vulnerability exists in Company Visitor Management System (CVMS) 1.0. An attacker can use the payload ot' or 1=1# in the user and password fields to bypass authentication and gain access to the application as admin.
An attacker can bypass authentication by using the payload anki' or 1=1# for both username and password in the login page of Alumni Management System 1.0.
An attacker can bypass authentication by using the payload anki' or 1=1# for both username and password in the login page of the application.
An attacker can exploit this vulnerability by sending a malicious request with a payload in the First Name and Last Name fields. The payload <img src=x onerror=alert(document.cookie)> will be stored in the database and will be executed when the user visits the page.
An authentication bypass vulnerability exists in Zoo Management System 1.0. By sending a malicious request with the payload jyot' or 1=1# in the user and password fields, an attacker can bypass authentication and gain access to the admin panel.