PopojiCMS version 2.0.1 is vulnerable to remote command execution. By injecting a malicious payload into the Meta Social section under settings, an attacker can execute arbitrary commands on the server. This can lead to unauthorized access and potential data breaches. The exploit allows an attacker to execute system commands, as demonstrated by the payload "<?php echo system('id'); ?>".
The BMC Log Scanner web application in Nokia's BMC is vulnerable to command injection attacks, which can be exploited for unauthenticated remote code execution. This vulnerability is critical as the service runs with root privileges. By injecting a malicious command in the Search Pattern field, an attacker can execute arbitrary commands on the target system as root.
The 'rename', 'remail', 'rphone', and 'rcity' parameters in the 'updateprofile.php' file of Code-Projects Blood Bank V1.0 are vulnerable to Stored Cross-Site Scripting (XSS) due to a lack of proper input validation. An attacker can inject malicious scripts into these parameters, and once stored on the server, these scripts may be executed when viewed by other users.
Wallos, a subscription management system, is vulnerable to a file upload RCE exploit. By manipulating the file upload functionality, an authenticated attacker can upload a malicious .php file containing a web shell. This allows them to execute arbitrary commands on the target system.
The unauthenticated SQL Injection and path traversal vulnerabilities in xbtitFM 4.1.18 and prior versions can be exploited without user interaction. An insecure file upload vulnerability requires enabling the file_hosting feature, which can be achieved by accessing an administrator account. These vulnerabilities can allow an attacker to extract database names, user information, and password hashes. Automated tools like sqlmap can be used to exploit these vulnerabilities and dump the database.
The Ray Project dashboard in versions <= 2.6.3 is vulnerable to command injection due to lack of validation in the format parameter. This vulnerability allows an attacker to execute arbitrary commands in the system shell. If the system is configured for passwordless sudo, the attacker can gain a root shell; otherwise, a user-level shell can be obtained.
The exploit allows an attacker to bypass authentication in Quick.CMS 6.7 by using a specific SQL injection payload. By entering the payload ' or '1'='1 in the email field and proceeding with the login, the attacker can successfully bypass the authentication and gain unauthorized access to the admin panel.
Winter CMS version 1.2.2 is vulnerable to Server-Side Template Injection (SSTI) when an authenticated user injects malicious payloads via the CMS Pages field. This allows an attacker to execute arbitrary code and potentially take control of the server.
In TYPO3 11.5.24, there exists a path traversal vulnerability in the filelist component. Attackers, with access to the administrator panel, can exploit this vulnerability to read arbitrary files by using directory traversal via the baseuri field. An authenticated attacker can manipulate the base URI by sending a crafted POST request to /typo3/record/edit with specific parameters, ultimately allowing them to access sensitive files on the server.
The exploit involves creating a malicious zip file using the WinRAR software. By crafting a specially designed zip file, an attacker can execute arbitrary code on the target system, potentially leading to remote code execution. This vulnerability has been assigned CVE-2023-38831.