21 matches found
CVE-2019-25438
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...
CVE-2019-25438
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...
CVE-2019-25438
CVE-2019-25438 affects LabCollector 5.423. The vulnerability is multiple SQL injection flaws exploitable by unauthenticated attackers through POST parameters, specifically login.php (login) and retrieve_password.php (user_name), enabling extraction of sensitive database information. No remediatio...
CVE-2019-25438 LabCollector 5.423 SQL Injection via login.php
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...
PT-2026-21315
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user name parameter o...
LabCollector SQL注入漏洞
LabCollector is a multi-functional laboratory management platform developed by LabCollector Inc. Version 5.423 of LabCollector contains a SQL injection vulnerability. This vulnerability stems from multiple SQL injections in POST parameters, which may allow unverified attackers to execute arbitrar...
CVE-2023-33253
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file such as shell.jpg.php.shell being...
CVE-2023-33253
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file such as shell.jpg.php.shell being...
CVE-2023-33253
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file such as shell.jpg.php.shell being...
CVE-2023-33253
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file such as shell.jpg.php.shell being...
Input validation
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file such as shell.jpg.php.shell being...
LabCollector 代码问题漏洞
LabCollector is an all-in-one laboratory management platform from LabCollector, Inc. A security vulnerability exists in LabCollector versions 6.0 through 6.15. An attacker can exploit the vulnerability to upload executable PHP files and execute system commands...
PT-2023-24247 · Unknown · Labcollector
Name of the Vulnerable Software and Affected Versions: LabCollector versions 6.0 through 6.15 Description: The issue allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The problem is due to insufficient validati...
CVE-2023-33253
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file such as shell.jpg.php.shell being...
CVE-2023-33253
LabCollector 6.0–6.15 is affected by CVE-2023-33253. The issue is in the message function and stems from insufficient validation of uploaded files (e.g., shell.jpg.php.shell), allowing an authenticated remote low-privileged user to upload an executable PHP file and execute system commands (remote...
CVE-2023-33253
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file such as shell.jpg.php.shell being...
Exploit for Unrestricted Upload of File with Dangerous Type in Agilebio Labcollector
CVE-2023-33253 LabCollector 6.0 though 6.15 allows remote cod...
LabCollector SQL Injection
SQL Injection vulnerability in LabCollector Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
LabCollector 5.423 - SQL Injection
Exploit Title: LabCollector Laboratory Information System 5.423 - Multiples SQL Injection Date: 09/09/2019 Software Links/Project: https://www.labcollector.com/clientarea/downloads.php Version: LabCollector Laboratory Information System 5.423 Exploit Author: Carlos Avila Category: webapps Tested...
LabCollector 5.423 SQL Injection
Exploit Title: LabCollector Laboratory Information System 5.423 - Multiples SQL Injection Date: 09/09/2019 Software Links/Project: https://www.labcollector.com/clientarea/downloads.php Version: LabCollector Laboratory Information System 5.423 Exploit Author: Carlos Avila Category: webapps Tested...