Free School Management Software 1.0 - (multiple) Stored Cross-Site Scripting Vulnerability
Exploit Title: Free School Management Software 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: fuzzyap1 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...
NEX-Forms <= 7.9.4 - Multiple Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC In Global Setting Preferences Validation, put the followi...
Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS)
Exploit Title: Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting XSS Date: 18-10-2021 Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html...
Student Quarterly Grading System 1.0 - (grade) Stored Cross-Site Scripting Vulnerability
Exploit Title: Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting XSS Exploit Author: Hüseyin Serkan Balkanli Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Link:...
Inline Related Posts < 3.0.5 - Admin+ Cross-Site Scripting
Multiple parameters are vulnerable to stored Cross-site Scripting. The vulnerabilities require admin privileges to exploit. In each case the script will execute for every user viewing a post that contains one of the inline references. POST /wp-admin/options-general.php?page=intelly-related-posts...
Scroll Baner <= 1.0 - CSRF to RCE
The plugin does not have a CSRF check in place when saving its settings, nor does it perform any sanitisation, escaping or validation on them. This could allow attackers to make a logged-in admin change them and could lead to RCE via a file upload as well as XSS. function submitRequest var xhr = new...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin WordPress Advanced Ticket System, Elite Support...
Form Tools SQL Injection Vulnerability
Form Tools is an open source code base for Form Tools scripts, modules, themes and APIs. A SQL injection vulnerability exists in Form Tools that stems from an issue found in Form Tools starting from 3.0.20. When a low-privileged user client-side attempts to export a form containing data, for...
Amazon Auto Links < 4.6.20 - Reflected Cross-Site Scripting
The plugin does not escape some parameters before outputting them back in attributes in an admin page, leading to Reflected Cross-Site Scripting issues. alert/XSS-page/' / alert/XSS-tab/' /...
Cross-site scripting (XSS) from field and configuration text displayed in the Panel
On Saturday, @hdodov reported that the Panel's ListItem component, used for example in the pages and files section, displayed HTML in page titles as-is. This could be used for cross-site scripting (XSS) attacks. We used his report as an opportunity to find and fix XSS issues related to dynamic sit...
Lightweight facebook-styled blog 1.3 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Lightweight facebook-styled blog authenticated remote code execution", 'Description' = %q This module exploits the file upload vulnerability of...
Online Library Management System 1.0 Shell Upload
Exploit Title: Online Library Management System 1.0 - Arbitrary File Upload Remote Code Execution Unauthenticated Date: 23-06-2021 Exploit Author: Berk Can Geyikci Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)
Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting XSS Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version...
Simple CRM 3.0 Cross Site Request Forgery
Exploit Title: Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery CSRF Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaD...
EgavilanMedia PHPCRUD 1.0 SQL Injection
Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection Date: 5/17/2021 Exploit Author: Dimitrios Mitakos Vendor Homepage: https://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: Debian GNU/Linux ...
Customer Relationship Management (CRM) System 1.0 Shell Upload Vulnerability
Exploit Title: Customer Relationship Management CRM Unrestricted File Upload unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...
Download Manager < 3.1.19 - Authenticated (author+) PHP4 File Upload to RCE
The wpdm_admin_upload_file AJAX action used a blacklist approach to forbid potentially dangerous files, such as PHP, from being uploaded. However, other dangerous extensions, like .php4, were not forbidden. As an author or any account with the upload_files capability, attach a .php4 file to a download...
Kirby CMS 3.5.3.1 Cross Site Scripting
Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting XSS Date: 21-04-2021 Exploit Author: Sreenath Raghunathan Vendor Homepage: https://getkirby.com/ Software Link: https://github.com/getkirby/kirby Version: 3.5.3.1 CVE: CVE-2021-29460 POST /api/users//avatar HTTP/1.1 Host:...
Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE
The plugin suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE. Note WPScanTeam: CSRF check and some file validation were added in v5.11, however a blacklist...
Event Banner <= 1.3 - Arbitrary File Upload to RCE
The plugin does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or other executables, leading to RCE. Due to the lack of a CSRF check, the issue can also be used via such a vector to achieve the same result, or via a LFI as authorisation chec...