An attacker is able to get access to sensitive data without proper authentication. This vulnerability affects the path /backups/ of the MySQL backup handler. An attacker can leverage this vulnerability in order to run JavaScript commands on the web server surfers' behalf, which can lead to cookie stealing and more. A vulnerability has been found in Airfield Online and classified as problematic. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice. A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to change the visibility of the website. Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database. An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. This can lead attackers to remotely dump MySQL database credentials. Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. The attacker can retrieve sensitive information for all users of this system. The application interacted with that domain, indicating that the injected SQL query was executed. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain.
The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. An attacker can use Burp Suite to modify parameters in the packet to destroy real data. There is an unsafe vulnerability in the functional method of submitting examination papers. The front end of this open source system is an online examination system. In Apache Linkis = t3.4.0 is vulnerable to Insecure Permissions.