An attacker can execute arbitrary script code in the browser of a user by injecting malicious input through the 'search' parameter in the 'extremesearch.php' page. This can lead to the theft of authentication credentials and other attacks.
The vulnerability exists in the WebCalendar application due to a failure to properly sanitize user-supplied input. An attacker can exploit this issue by injecting malicious content into the 'ret' parameter of the 'layers_toggle.php' script. This can lead to the manipulation of web content and potentially deceive users.
DotClear is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Lore is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
WebCalendar is prone to multiple SQL injection vulnerabilities. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Multiple SQL injection vulnerabilities in Instant Photo Gallery allow remote attackers to execute arbitrary SQL commands via (1) the 'cat_id' parameter in portfolio.php or (2) the 'q' parameter in search.php.
An SQL injection vulnerability exists in 88Scripts Event Calendar due to a failure to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted request to the affected application. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
O-Kiraku Nikki is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The WSN Knowledge Base is prone to multiple SQL injection vulnerabilities. These vulnerabilities occur due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation of these vulnerabilities could lead to compromise of the application, disclosure or modification of data, or permit an attacker to exploit vulnerabilities in the underlying database implementation.
WSN Knowledge Base is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.