This exploit allows an attacker to perform directory traversal attacks by accessing files outside the web server root directory. The vulnerable URL is 'http://localhost/%5C..%5C..%5C..%5C..%5C..%5C../boot.ini' or 'http://localhost/%5C..%5C..%5C..%5C..%5C..%5C../'.
The vulnerability allows an attacker to include remote files by manipulating the 'absolute_path' parameter in various PHP files. This can lead to unauthorized access, remote code execution, and potential compromise of the affected system.
Authenticated SQLi in the FeedWordPress WordPress plugin allows remote authenticated attackers to execute arbitrary SQL commands via the link_ids[] parameter in the feedwordpress/syndication.php page.
This exploit allows an attacker to remotely control a Phoenix Contact ILC 150 ETH PLC device. The script continuously prints out the current status of the PLC, reverts after 3 seconds, and stops after 5 seconds.
The code includes a file from a user-controlled path without proper sanitization, which can be exploited to include arbitrary files from the server or remote locations.
Forma LMS 1.3 is prone to multiple PHP Object Injection vulnerabilities, due to a repeated unsafe use of the unserialize() function, which allows unprivileged users to inject arbitrary PHP objects. A potential attacker could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input, in order to execute code on the remote server or abuse arbitrary functionalities.
The SimpCMS Light script is vulnerable to arbitrary file inclusion. The affected file 'index.php' contains the vulnerable code on line 31, where it includes the file specified by the 'site' parameter. An attacker can exploit this vulnerability by supplying a malicious script as the 'site' parameter, leading to arbitrary file inclusion.
pL-PHP beta 0.9 is affected by multiple vulnerabilities. The first is an SQL injection that allows an attacker to bypass the admin access. The second is a global variable problem that also allows an attacker to bypass the admin access.
The Joomla/Mambo component Taskhopper 1.1 is vulnerable to a Remote File Inclusion (RFI) attack. The vulnerability allows an attacker to include a remote file using the 'mosConfig_absolute_path' parameter in various PHP files.
This exploit allows an attacker to execute arbitrary commands on the target server. It also allows the attacker to bypass the login mechanism and gain administrative rights. The exploit takes advantage of vulnerabilities in the FCKEditor component and SQL injection vulnerabilities in the changename.php script.