24 matches found
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...
Bitsolution.ws ICT Consulting Firm 1.0 Bypass / SQL Injection
Exploit Title : Bitsolution.ws ICT Consulting Firm 1.0 SQL Injection / Improper Authentication Author Discovered By : KingSkrupellos Date : 30/12/2018 Vendor Homepage : bitsolution.ws Tested On : Windows Category : WebApps Exploit Risk : Medium Version Information : 1.0 CWE : CWE-287 Improper...
FreePBX 13: From Cross-Site Scripting to Remote Command Execution
RIPS Analysis The total amount of detected vulnerabilities is very high. Luckily, the majority of the detected vulnerabilities are inside the administration control panel, such that attackers either need to steal a valid account first or they have to trick an administrator into visiting a malicio...
Invision Power Board 2.3.6/3.0.4 - Local File Inclusion / SQL Injection
============================================= - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- Invision Power Board = 3.0.4 Local PHP File Inclusion and SQL Injection Invision Power Board = 2.3.6 SQL Injection II. BACKGROUND...