The AC Repair and Services System v1.0 is prone to multiple SQL injection vulnerabilities. An attacker can exploit these issues by manipulating the 'id' parameter in the 'manage_user.php' and 'Master.php' files, allowing unauthorized access to the database. This can lead to data leakage, modification, or deletion. This vulnerability has been tested using the sqlmap tool.
A file upload vulnerability in Petrol Pump Management Software v1.0 allows attackers to run arbitrary code by uploading a malicious payload to the 'Image' parameter in the 'profile.php' component.
The Simple Student Attendance System v1.0 is vulnerable to time-based blind and union-based SQL injection through the 'classid' parameter. By injecting malicious SQL queries into the 'classid' parameter, an attacker can manipulate the database, retrieve sensitive information, and potentially take control of the system. This vulnerability has a CVE ID pending assignment.
The GL.iNet firmware version 4.3.7 is vulnerable to remote code execution via the OpenVPN client. An attacker can exploit this vulnerability to execute arbitrary code on the target system. This vulnerability has been assigned CVE-2023-46454.
The vulnerability in Real Estate Management System v1.0 allows an attacker to execute command injection payloads and upload malicious files to the web server.
A cross-site scripting (XSS) vulnerability was found in Petrol Pump Management Software v1.0. By injecting a malicious payload into the 'Address' parameter in the add_invoices.php component, an attacker can execute arbitrary code. This vulnerability could be exploited to perform various malicious actions.
The Neon Text plugin for WordPress version 1.1 and below is prone to a stored cross-site scripting (XSS) vulnerability through the neontext_box shortcode.
The R Radio FM Transmitter 1.07 system.cgi endpoint has an improper access control vulnerability that allows unauthenticated users to access and reveal the clear-text password of the admin user. This disclosure enables attackers to bypass authentication and gain unauthorized access to the FM station setup.