A vulnerability in Umbraco CMS allows authenticated administrators to execute arbitrary code on the server. This is achieved by sending a specially crafted payload to the vulnerable web page. The payload is an XSLT stylesheet containing a C# script that executes the calc.exe program. The vulnerable web page is located at /umbraco/developer/Xslt/xsltVisualize.aspx.
Job Portal 1.0 is vulnerable to SQL Injection. An attacker can send a malicious SQL query to the web application and use it to extract sensitive information from the database. The vulnerable parameter is job_id, which is reached through a specially crafted HTTP POST request.
A SQL injection vulnerability exists in Real Estate Custom Script 2.0, which allows an attacker to execute arbitrary SQL commands via the 'filter_area' parameter in the 'property/category' route of the index.php file.
ThinkPHP is an open source PHP framework. A remote code execution vulnerability exists in ThinkPHP 5.X versions due to improper input validation. An attacker can exploit this vulnerability by sending a crafted payload to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.
HealthNode Hospital Management System 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'username' parameter of the 'email.php' script. An attacker can send a specially crafted HTTP request with malicious SQL statements to the vulnerable script and execute arbitrary SQL commands in the back-end database.
This exploit allows an attacker to execute arbitrary code on a Lenovo R2105 router by sending a malicious HTTP request. For the exploit to work, the administrator who opens the URL must be authenticated.
Cleanto 5.0 is vulnerable to SQL Injection. An attacker can send a specially crafted HTTP POST request to the vulnerable file front_ajax.php with malicious SQL statements to extract sensitive information from the database.
Locations CMS 1.5 is vulnerable to SQL injection. An attacker can inject malicious SQL queries via the 'id' parameter in the 'detail.php' and 'blog_detail.php' scripts. This can be exploited to read, modify or delete data from the database.
Craigs CMS 1.0.2 is vulnerable to SQL Injection. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate the data in the database, compromise the integrity of the data, or disclose sensitive data from the database.