The form parameter 'cfg[app_app_name]' is vulnerable to stored cross site scripting. An attacker can inject malicious JavaScript code into the parameter which will be executed when the page is loaded.
The GET parameter 'category.php?cat_id=' is vulnerable to SQL Injection. By exploiting the SQL Injection vulnerability by using the mentioned payload, an attacker will be able to retrieve the database name and version of mysql running on the server.
The POST parameter 'comment_author' is vulnerable to stored cross site scripting. An attacker can inject malicious JavaScript code into the comment_author parameter, which will be executed when the victim visits the page.
HP LinuxKI is vulnerable to a remote command injection vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary commands on the vulnerable system.
Attacker can bypass login page and access to dashboard page by sending a POST request with username and password parameters set to '=''or'
The online Chatting System v1.0 application is vulnerable to SQL injection via the 'id' parameter on the chatroom.php page. The application is vulnerable to boolean-based blind, error-based, and time-based blind SQL injection attacks. The back-end DBMS is MySQL, web application technology is Apache 2.4.39 and PHP 7.2.18, and the back-end DBMS is MySQL >= 5.0.
This exploit allows an attacker to remotely execute code on a vulnerable Oracle Hospitality RES 3700 Release 4.9 system. The exploit involves sending a specially crafted SOAP request to the vulnerable system, which contains a malicious payload. The payload is then executed on the system, allowing the attacker to gain access to the system.
Online Examination System Project is vulnerable to SQL injection via the 'eid' parameter on the account.php page. An attacker can inject malicious SQL queries by manipulating the 'eid' parameter. The back-end DBMS is MySQL, web application technology is PHP, Apache 2.4.39, PHP 7.2.18 and back-end DBMS is MySQL >= 5.0.
A blind SQL injection vulnerability is present in Ajax load more. A POST request is sent to the server with a malicious payload in the 'value' parameter. The payload contains a SQL query which is vulnerable to injection.
SQL Injection found in check_community.php:49, where the user input is not properly sanitized before being used in a SQL query. An attacker can inject malicious SQL code into the 'community' parameter, allowing them to execute arbitrary SQL commands on the underlying database. Proof of concept can be achieved by sending a specially crafted HTTP request containing malicious SQL code, and SQLmap can be used to further exploit the vulnerability.
Services By CQR