20 matches found
CVE-2020-37186
Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...
CVE-2018-10429
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...
EUVD-2008-7145
Malware in sbrugna...
EUVD-2018-2501
Malware in sbrugna...
idreamsoft iCMS Operating System Command Injection Vulnerability
idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A security vulnerability exists in idreamsoft iCMS 7: an attacker can exploit install.php to execute arbitrary commands via shell metacharacters in the DB prefix parameter...
YUNUCMS Arbitrary PHP Code Execution Vulnerability
YUNUCMS is an open source content management system (CMS) for building enterprise websites, developed by the Chinese company Yunyou (YUNU) Network Technology. The statics/app/index/controller/Install.php file in YUNUCMS version 1.1.5 has a security vulnerability. A remote attacker can exploit this vulnerability by...
Cosmo Arbitrary PHP Code Execution Vulnerability
Cosmo is a content management system (CMS) built on AngularJS and PHP. A security vulnerability exists in Cosmo version 1.0.0Beta6. The vulnerability can be exploited to execute arbitrary PHP code via the Database Prefix field in the Database Info screen on the localhost/Cosmo/install.php li...
CVE-2018-10429
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...
Code injection
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...
CVE-2018-10429
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...
WordPress Plugin Extra User Details 0.4.2 - Privilege Escalation
""" Exploit Title: Extra User Details Privilege Escalation Discovery Date: 2016-02-13 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://vadimk.com/ Software Link: https://wordpress.org/plugins/extra-user-details/ Version: 0.4.2 Tested on:...
Limbo CMS <= 1.0.4.2 Cuid cookie Blind SQL Injection Exploit
No description provided by source. #!/usr/bin/python ...
phpcms v9 article comments: lax filtering discloses sensitive database information
In phpcms v9 article comments, publishing 'a'; as a comment and then replying to that comment can expose table names and the database prefix. Proof of vulnerability: ...
Design/Logic Flaw
Coppermine Photo Gallery CPG 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504...
Ultrastats 0.2.142 - players-detail.php Blind SQL Injection
Ultrastats 0.2.142 - players-detail.php Blind SQL Injection !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; ! Discovered.: DNX ! Vendor.....: http://www.shooter-szene.de | http://www.ultrastats.org ! Detected...: 29.06.2008 ! Reported...: 04.07.2008 ! Response...: xx.xx.2008 ! Background.:...
SMF <= 1.1.4 COOKIE[topic] SQL-Injection Exploit
Hello, Zaraza. Let's support the domestic producer. SMF = 1.1.4 COOKIEtopic SQL-Injection Exploit www.simplemachines.org The vulnerability lies in the undefined parameter $topic. An attacker can define its value and execute an arbitrary SQL query against the application's database...
Limbo CMS 1.0.4.2 - 'Cuid' cookie Blind SQL Injection
#!/usr/bin/python This is a Public Exploit. Date:...
PNPHPBB2 1.2 - index.php SQL Injection
PNPHPBB2 1.2 - index.php SQL Injection C:\usr\php\php.exe c:\php.php Content-type: text/html X-Powered-By: PHP/4.3.9 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Usage: php c:\php.php host path OPTIONS host: target server ip/hostname path: PNphpBB2 path Options:...
Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. Wordpress 2.1.2 xmlrpc Remote SQL Injection Exploit #!/usr/bin/perl -w Wordpress 2.1.2 SQL Injection POC Wordpress version 2.1.2 is...
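Invision Power Board SQL Toolbox Multiple Security Vulnerabilities
Invision Power Board is a very popular PHP forum application. A vulnerability exists in the way IPB's Toolbox handles requests; a remote attacker may exploit it to gain unauthorized access to the database. If an administrator who can access Invision Power Board's SQL Toolbox views a malicious image in the browser, they may be redirected so that SQL commands are forcibly executed through the SQL Toolbox. This attack is hard to detect because only the image, not the page, is redirected. Invision PS IPB = 2.1.7 The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://www.invisionpower.com/...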