The Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 is vulnerable to SQL Injection through the 'arac_kategori_id' parameter. By injecting a specially crafted payload, an attacker can manipulate the SQL query and potentially gain unauthorized access to the database.
Reflected Cross-Site Scripting in the URL parameter of the qr.php file.
Tilde CMS version 4.x is vulnerable to SQL Injection in the "aarstal" parameter. An attacker can exploit this vulnerability to extract information from the database or manipulate database records. The CMS is also vulnerable to XSS attacks and Full Path Disclosure.
This exploit allows an attacker to inject arbitrary HTML code into the Fat Free CRM software. This vulnerability can be exploited by sending a specially crafted POST request to the /comments endpoint. The vulnerability exists in version 0.19.0 of the software.
The Homey BNB (Airbnb Clone Script) version V4 is vulnerable to multiple SQL Injection attacks. The vulnerabilities exist in various parameters of different requests. An attacker can exploit these vulnerabilities to execute arbitrary SQL queries and potentially gain unauthorized access to the database.
The Jettweb Hazir Rent A Car Scripti V4 is vulnerable to SQL Injection. This can be exploited by an attacker to execute arbitrary SQL queries on the database.
Multiple vulnerabilities exist in Simple Job Script. These include SQL injection vulnerabilities in the 'landing_location', 'job_id', 'employerid', and 'app_id' parameters, as well as an XSS vulnerability in the 'job_type_value[]' parameter.
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a .... technique, arbitrary files can be loaded in the server response outside the root directory.
This exploit allows an attacker to change the email of a remote user by editing the 'membercookie' cookie.
Softbiz Freelancers Script V.1 is affected by multiple vulnerabilities including SQL Injection and XSS. The SQL Injection vulnerability can be exploited by manipulating the 'sb_showresult' parameter of 'search_form.php' to execute arbitrary SQL queries. The XSS vulnerability can be exploited by injecting malicious scripts into the 'errmsg' parameter of the 'signin.php' page.