Explore Vulnerabilities
Explore all Exploits:

Seat Reservation System 1.0 – ‘id’ SQL Injection

An SQL injection vulnerability exists in the Seat Reservation System 1.0 web application. An attacker can send a specially crafted HTTP POST request to the vulnerable application to inject malicious SQL queries into the application. This can be exploited to gain access to sensitive information from the database.

ForensiTAppxService 2.2.0.4 – ‘ForensiTAppxService.exe’ Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

Online Shop Project 1.0 – ‘p’ SQL Injection

The vulnerability exists due to an error in the 'p' parameter of the '/shop/product.php' script, which can be exploited to inject or manipulate SQL queries. An attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database.

SpamTitan 7.07 – Remote Code Execution (Authenticated)

Multiple authenticated remote code execution (RCE) vulnerabilities were found in SpamTitan Gateway 7.07 and probably in previous versions. CVE-2020-11699: Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page. CVE-2020-11700: Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page. CVE-2020-11803: Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation. The user has to be authenticated before interacting with this page. CVE-2020-11804: Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation. The user has to be authenticated before interacting with this page.

Windows TCPIP Finger Command – C2 Channel and Bypassing Security Software

The Windows Finger command 'finger.exe' can be used as a file downloader and makeshift C2 channel. Intruders who compromise a computer may find it is locked down and that 'unknown' applications are unable to download programs or tools. Because built-in native Windows programs may be whitelisted by installed security software, they may still be allowed to download files. The C2-channel part works by abusing the 'user' token of the Finger query format 'user@host'. C2 commands masked as finger queries can download files and/or exfiltrate data without Windows Defender interference.

Tailor MS 1.0 – Reflected Cross-Site Scripting

A Reflected Cross-Site Scripting (XSS) vulnerability in the 'index.php' login-portal page of SourceCodesters Tailor Management System v1.0 allows remote attackers to capture the keystrokes of an unauthenticated victim who clicks a malicious URL and then types into the page.

ThinkAdmin 6 – Arbitrary File Read

ThinkAdmin 6 is vulnerable to an arbitrary file read vulnerability. An attacker can send a specially crafted request to the vulnerable application to read any file on the server. On Windows, the payload to read the database.php file is '/admin.html?s=admin/api.Update/get/encode/34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b2r33322u2x2v1b2s2p382p2q2p372t0y342w34' and on Linux, the payload to read the /etc/passwd file is '/admin.html?s=admin/api.Update/get/encode/34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b2t382r1b342p37373b2s2p382p2q2p372t0y342w34'.

Joomla! paGO Commerce 2.5.9.0 – SQL Injection (Authenticated)

Joomla! paGO Commerce 2.5.9.0 contains an authenticated SQL injection vulnerability. An attacker can exploit it by sending a specially crafted HTTP POST request to the vulnerable application; the vulnerable parameter is 'filter_published'. An attacker can use sqlmap to exploit this vulnerability and gain access to the underlying database.

Pearson Vue VTS 2.3.1911 Installer – ‘VUEApplicationWrapper’ Unquoted Service Path

The Application Wrapper is the component that automates the Pearson VUE Testing System. The Wrapper is a scheduler that runs in the background on the test center's server. The VUEApplicationWrapper service has an unquoted service path vulnerability, and the "Pearson VUE" directory has insecure file permissions that allow it to be overwritten by Everyone, so an unauthorized local user can escalate privileges to the VUEService user, which has administrative rights.
