MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks. The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The phpMyFAQ application fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script code in the browser of a user visiting the affected site. This can lead to the theft of authentication credentials and enable the attacker to launch further attacks.
Micro CMS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Car Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This exploit allows an attacker to insert arbitrary scripts into a text file and include it in the 'Posts.php' file, leading to remote code execution.
Horde IMP Webmail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data before it is used in dynamic content. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
The TOPHangman application fails to properly sanitize user-supplied input, leading to SQL and HTML injection vulnerabilities. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, exploit other latent vulnerabilities in the database, or execute arbitrary script code in the context of an unsuspecting user's browser. This can result in stealing authentication credentials, controlling the site's appearance, and launching further attacks.
The WSN Guest 1.21 version of the Comments.PHP script is vulnerable to SQL Injection. This can be exploited by an attacker to inject malicious SQL code into the 'id' parameter of the script. The exploit allows the attacker to retrieve sensitive information from the database, such as usernames and passwords of the WSN Guestbook members.
MySITE is vulnerable to an SQL-injection vulnerability and a cross-site scripting vulnerability due to inadequate input sanitization. Exploiting these vulnerabilities could allow an attacker to steal authentication credentials, compromise the application, access or modify data, or exploit other vulnerabilities in the database.