The GYM Management System version 1.0 is vulnerable to stored cross-site scripting (XSS) due to insufficient validation of user-supplied data in the 'lname' field of the profile.php page. An attacker can inject a malicious payload, such as x%22%20onmouseover%3Dalert%28document.cookie%29%20x%3D%22, which will be executed whenever a user accesses the profile.php page, leading to the execution of arbitrary scripts in the context of the user's browser. This vulnerability has been detected by Alperen Yozgat.
The exploit allows an attacker to inject arbitrary code into a client's game, leading to potential unauthorized activities. The code author disclaims any liability for damages resulting from the exploit's usage.
The elFinder Web file manager version 2.1.53 allows remote attackers to execute arbitrary commands via an admin panel URL, which can lead to sensitive information disclosure. An attacker can upload a malicious PHP file to the target server and execute system commands, as demonstrated by accessing the /etc/passwd file.
An unauthenticated user can exploit the /pms/users.php endpoint to upload a malicious PHP file as a profile picture. This can lead to remote code execution on the server.
SureMDM On-premise versions 6.31 and below allow attackers to bypass CAPTCHA protection by enumerating valid user IDs, potentially leading to unauthorized access. This vulnerability has been assigned CVE-2023-3897.
CSZ CMS Version 1.3.0 allows remote attackers to execute arbitrary commands via a crafted request. This vulnerability has a CVE ID of CVE-2023-XXXX.
SuperStoreFinder is a PHP/JavaScript/MySQL store locator script with Google Maps API integration. A vulnerability exists in the 'USERNAME' parameter in the 'localhost/admin/index.php' file, allowing unauthenticated SQL injection attacks, including boolean-based blind, error-based, and time-based blind attacks.
The Lot Reservation Management System, version 1.0, allows unauthenticated users to disclose files on the server. This vulnerability can be exploited by an attacker to access sensitive information stored on the system without proper authorization. However, no CVE has been assigned to this vulnerability yet.
The Simple Student Attendance System is vulnerable to a time-based blind SQL injection in the delete_student function of actions.class.php. An attacker can manipulate the 'id' parameter to execute malicious SQL queries, potentially leading to unauthorized data retrieval or modification. The vulnerability has been tested using the sqlmap tool with a time-based blind technique.
The Comments Like Dislike plugin for WordPress <= 1.2.0 allows unauthorized modification of data due to a missing capability check on the restore_settings function. This vulnerability enables authenticated attackers with minimal permissions to reset the plugin's settings, as the nonce is accessible to subscriber-level users.