Explore Vulnerabilities

Explore all Exploits:

Nova CMS Multiple Remote File-Include Vulnerabilities

Nova CMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obtain sensitive information or execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

vBadvanced CMPS Remote File-Include Vulnerability

vBadvanced CMPS is prone to a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to execute arbitrary local and remote scripts in the context of the affected application or obtain potentially sensitive information. This may result in a compromise of the application and the underlying system; other attacks are also possible.

CMSQLITE v1.3.2 – Multiple Web Vulnerabilities

An independent laboratory researcher discovered multiple web vulnerabilities in the CMSQLITE v1.3.2 Content Management System. A local file include vulnerability is detected in the CMSQLITE v1.3.2 Content Management System. The vulnerability allows a local privileged user account to include and load local system files. The vulnerability is located in the mediaAdmin.php file with the bound vulnerable parameter. A remote file include vulnerability is detected in the CMSQLITE v1.3.2 Content Management System. The vulnerability allows a remote attacker to include and load remote files from an external server. The vulnerability is located in the mediaAdmin.php file with the bound vulnerable parameter. A remote SQL injection vulnerability is detected in the CMSQLITE v1.3.2 Content Management System. The vulnerability allows a remote attacker to inject their own SQL commands to compromise the web application. The vulnerability is located in the mediaAdmin.php file with the bound vulnerable parameter.

ProQuiz v2.0.2 – Multiple Vulnerabilities

ProQuiz v2.0.2 is vulnerable to Remote File Include, Local File Include, Remote SQL Injection and Blind SQL Injection. In the file my_account.php, at lines 114 and 115, the code if($_GET['action']=='getpage' && !empty($_GET['page'])){@include_once($_GET['page'].'.php'); is vulnerable to Remote File Include and Local File Include, because the 'page' parameter is passed to include_once() without validation. For both Remote File Include and Local File Include, an attacker can register, log in to the panel and paste the malicious URL. For Remote SQL Injection and Blind SQL Injection, in two files, answers.php at line 55 and functions.php in $_POST['email'] and $_POST['username'], an attacker can inject malicious SQL code via the URL and the POST method.

eLearning Server Multiple Remote Vulnerabilities

The news.php4 script is vulnerable to SQL injection when the 'nid' parameter is supplied. An attacker can use this vulnerability to execute arbitrary SQL commands on the underlying database. The admin/setup.inc.php script is vulnerable to remote file include. An attacker can use this vulnerability to include a remote file containing malicious code and execute it on the vulnerable server.

Joomla Component com_adsmanager Remote File Include

This vulnerability allows an attacker to include a remote file on the webserver. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'mosConfig_absolute_path' parameter of the 'index.php' script. A remote attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system.

Recent Exploits: