A CSRF attack can be performed against all the functions. The request is sent as a GET request with uid.
The Complaint Management System 4.2 is vulnerable to authentication bypass due to a lack of proper input validation. An attacker can bypass authentication by providing a specially crafted username and password, such as 'pentester' or'1'=1#' for both the username and password fields.
The User Management System 2.0 is vulnerable to authentication bypass due to an SQL injection vulnerability. An attacker can bypass authentication by providing the username and password as 'pentester' or'1'=1#'
A Cross-Site Request Forgery (CSRF) vulnerability exists in Edimax EW-7438RPn version 1.13, which allows an attacker to add a new MAC address to the MAC filtering list. An attacker can craft a malicious HTML page and send it to the victim. When the victim visits the malicious page, the attacker can add a new MAC address to the MAC filtering list.
Neowise CarbonFTP v1.4 is vulnerable to insecure proprietary password encryption. The program stores the passwords in a file named <FILE>.CFTP in the user's AppData folder. The passwords are encrypted using a weak hardcoded encryption key within the program. The encryption key is 2431 in decimal, or 97F in hexadecimal. The passwords are encrypted in chunks of 5 bytes, and the chunks are reversed and XORed with the encryption key. The resulting hexadecimal values are then decoded to ASCII.
jizhi CMS 1.6.7 has an arbitrary file download vulnerability. An attacker can send a specially crafted HTTP request to the vulnerable server to download arbitrary files from the server. This vulnerability can be exploited by sending a POST request to the /admin.php/Plugins/update.html endpoint with the action parameter set to start-download and the filepath parameter set to shell. The download_url parameter can then be set to the URL of the malicious file to be downloaded. An attacker can also send a POST request to the /admin.php/Plugins/update.html endpoint with the action parameter set to file-upzip and the filepath parameter set to shell to unzip the malicious file.
A buffer overflow in the _SanityCheck() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier allows local users to gain root privileges via a long calendar name or calendar owner passed to sdtcm_convert in a malicious calendar file (CVE-2020-2944).
An authenticated user can inject a hyperlink into the Backend System Dashboard and Member Dashboard via a message.
The variable $logid isn't properly sanitized in the file /admin/sauvegarde/download.php, which allows ADMINISTRATION_AUTH to execute arbitrary SQL commands via the id parameter.
An unauthorized user who has access to private messages can embed JavaScript code in the admin panel. Steps to reproduce: 1- Log in to the member panel. 2- Change the User-Agent header to <script>alert(1)</script>. 3- Send the private message to the admin user. 4- When the admin user logs in to the Backend System Dashboard, an alert box pops up on screen.