Piwigo <= v. 2.7.3 suffers from a reflected XSS and a SQL injection in its administrative backend. The reflected XSS vulnerability resides in the "page" parameter of the file admin.php, which is part of the administrative backend in a common Piwigo installation. The SQL injection vulnerability is also in the administrative backend, in the "History" functionality.
The application In-link is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
SkaDate is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The Zikula Application Framework is prone to a cross-site scripting (XSS) vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit this vulnerability by injecting arbitrary script code into the browser of an unsuspecting user, potentially leading to cookie theft and other attacks.
This exploit takes advantage of a blind SQL injection vulnerability in the XOOPS Module Repository viewcat.php script. It allows an attacker to extract the username and password hashes from the xoops_users table.
The vulnerabilities in GeoClassifieds Lite allow attackers to perform SQL injection and cross-site scripting attacks. These attacks can lead to various consequences such as stealing authentication credentials, compromising the application, accessing or modifying data, and exploiting other vulnerabilities in the database.
Kisanji is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The vulnerability is due to a failure to properly bounds-check user-supplied data. Successful exploits can allow attackers to execute arbitrary code as the logged-in user, while failed attempts may result in denial-of-service conditions.
EasyGallery is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The YABSoft Advanced Image Hosting Script is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other attacks.