The vulnerability allows an attacker to inject SQL commands.
The Micro CMS 3.5 application is vulnerable to SQL injection. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'id' parameter in the 'revert-content.php' file. This allows the attacker to bypass authentication and retrieve sensitive information from the database. The specific exploit for this vulnerability is: 'http://site.com/[micro_cms]/cms/revert-content.php?type=newest&id=1%22%20UNION%20ALL%20SELECT%20null,null,SUBSTRING(administrators_pass,1,16),null,null%20FROM%20microcms_administrators/*'.
The exploit allows an attacker to pass more than 539 characters to the SubmitToExpress method in Postcast Server Pro 3.0.61 / Quiksoft EasyMail SMTP Object (emsmtp.dll 6.0.1). This causes a buffer overflow, leading to remote code execution.
This vulnerability allows an attacker to perform SQL injection by manipulating the 'show' parameter in the acrotxt.php file. The attacker can execute arbitrary SQL queries and potentially gain unauthorized access to the database.
It is possible for a remote attacker to include a file from local or remote resources and/or execute arbitrary script code with the privileges of the webserver. An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.
The vulnerability allows an attacker to inject SQL commands.
The script allows an attacker to read files on the server and add a user with full privileges.
The vulnerability allows an attacker to inject SQL commands.
The vulnerability allows an attacker to inject SQL commands.
This exploit targets the 'DeleteXMLFile()' method in the NVR SP2 2.0 nvUtility.Utility.1 control. It allows an attacker to delete arbitrary files on the system. All software that uses this control is vulnerable to this exploit.