2 matches found
HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download
''' Exploit Title: HelpDeskZ fetchRow"SELECT , COUNTid AS total FROM ".TABLEPREFIX."attachments WHERE id=".$db-realescapestring$params2." AND ticketid=".$params0." AND msgid=".$params3; third argument AND msgid=".$params3; sent to fetchRow query without any sanitization Steps to reproduce:...
EvolutionScript 5.0 SQL Injection / Cross Site Scripting
evolutionscript v5.0 Multi Vulnerability ========================================= Author : indoushka Vendor : http://EvolutionScript.com Dork : Powered by EvolutionScript Version 5.0 Copyright © 2010 - 2015 EvolutionScript.com ========================= Sql injection :...