Lucene search

14 matches found

UbuntuCve
added 2026/05/23 7:16 p.m. | 8 views

CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

CVSS 9.8 | AI score 6.7 | EPSS 0.0061
Exploits: 1 | References: 5

Vulnrichment
added 2026/05/23 6:32 p.m. | 5 views

CVE-2018-25357 Dolibarr ERP CRM 7.0.3 Remote Code Execution via install/step1.php

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

CVSS 9.8 | AI score 6.7 | EPSS 0.0061
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-2301

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 7.4 | EPSS 0.0006
Exploits: 0 | References: 4

Cvelist
added 2024/07/20 3:19 a.m. | 17 views

CVE-2024-6281 Path Traversal in parisneo/lollms

A path traversal vulnerability exists in the applysettings function of parisneo/lollms versions prior to 9.5.1. The sanitizepath function does not adequately secure the discussiondbname parameter, allowing attackers to manipulate the path and potentially write to important system folders...

CVSS 7.3 | EPSS 0.0006
Exploits: 0 | References: 2

Cvelist
added 2023/10/19 12:0 a.m. | 15 views

CVE-2023-43875

Multiple Cross-Site Scripting (XSS) vulnerabilities in the installation of Subrion CMS v.4.2.1 allow a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail...

AI score 6.2 | EPSS 0.026
Exploits: 1 | References: 2

OSV
added 2022/05/24 7:17 p.m. | 26 views

GHSA-6FVW-X6GW-4WV8 Froxlor SQL injection vulnerability

Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name...

CVSS 9.8 | AI score 9.7 | EPSS 0.05516
Exploits: 4 | References: 5

Veracode
added 2021/10/13 4:19 a.m. | 24 views

SQL Injection

froxlor/froxlor is vulnerable to SQL injection. An unauthenticated attacker is able to inject and execute arbitrary SQL commands in the database through Database/Manager/DbManagerMySQL.php via a custom DB name...

CVSS 9.8 | AI score 5.1 | EPSS 0.05516
Exploits: 4 | References: 3 | Affected Software: 1

OSV
added 2021/09/02 6:15 p.m. | 0 views

CVE-2020-18048

An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field...

CVSS 9.8 | AI score 6 | EPSS 0.01821
Exploits: 1 | References: 2

Prion
added 2021/09/02 6:15 p.m. | 8 views

Design/Logic Flaw

An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field...

CVSS 7.5 | AI score 9.5 | EPSS 0.01821
Exploits: 1 | References: 2 | Affected Software: 1

Exploit DB
added 2020/02/17 12:0 a.m. | 146 views

LabVantage 8.3 - Information Disclosure

Exploit Title: LabVantage 8.3 - Information Disclosure Google Dork: N/A Date: 2020-02-16 Exploit Author: Joel Aviad Ossi Vendor Homepage: labvantage.com Software Link: N/A Version: LabVantage 8.3 Tested on: CVE : N/A import requests import operator def exploittarget: print"+ Fetching LabVantage...

AI score 7.4
Exploits: 0

0day.today
added 2020/02/17 12:0 a.m. | 49 views

LabVantage 8.3 - Information Disclosure Exploit

Exploit for java platform in category web applications Exploit Title: LabVantage 8.3 - Information Disclosure Exploit Author: Joel Aviad Ossi Vendor Homepage: labvantage.com Software Link: N/A Version: LabVantage 8.3 Tested on: CVE : N/A import requests import operator def exploittarget: print"+...

AI score 7.4
Exploits: 0

0day.today
added 2015/06/09 12:0 a.m. | 34 views

WP Mobile Edition Wordpress Plugin - LFI Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin 'WP Mobile Edition' LFI Vulnerability Date: june 6, 2015 Exploit Author: ViRuS OS Google Dork: inurl:?fdxswitcher=mobile Vendor Homepage: https://wordpress.org/plugins/wp-mobile-edition/ Software Link:...

AI score 7.1
Exploits: 0

0day.today
added 2013/03/01 12:0 a.m. | 69 views

Hitechvalley iNet CMS advanced SQL Injection vulnerability

Hitechvalley iNet is a CMS for Nepalian websites, which is used mainly by organizations, the government and the Nepal Army. Exploit Title: Hitechvalley iNet CMS SQL Injection vulnerability Date: 24/02/2013 Author: Zyklon B - https://twitter.com/BZyklon Vendor or Software Link:...

AI score 7
Exploits: 0

Packet Storm
added 2008/10/12 12:0 a.m. | 14 views

apm-sql.txt

Author : Hakxer Home : Www.educ-up.com Type Gap : Sql injection --MSSQL Injection-- script : Absolute Poll Manager XE see script http://www.xigla.com/absolutepm/demo.htm Greetz : Allah , Egyptian x Hacker , Soufiane , Sinaritx , SQLinj4ct0r , Stealth , Kof2002 TM : EgY Coders POC...

AI score 7.4
Exploits: 0