68 matches found
VulnCheck KEV: CVE-2023-49103
ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo via GetPhpInfo.php, including administrative credentials...
Online ID Generator 1.0 - Remote Code Execution Vulnerability
Title: Online ID Generator 1.0 - Remote Code Execution RCE Author: nu11secur1ty Vendor: https://www.youtube.com/watch?v=JdB9po5DTc Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/idgenerator0.zip Reference: https://portswigger.net/web-security/sql-injection...
Grawlix CMS 1.1.1 Cross Site Scripting
============================================================================================================================ | Title : Grawlix Cms v1.1.1 xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor : http://getgrawlix.com/ | | Dork : Powered by Th...
WebTareas 2.4 - Remote Command Execution (Authorized) Vulnerability
Exploit Title: WebTareas 2.4 - RCE Authorized Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Testeted on: Windows 10 using XAMPP, Apache/2.4.4...
MTN Group: PHP info page disclosure in ██████████
The PHP info page was disclosed, which provided detailed information about the system and PHP configuration, including the exact PHP version, operating system, and internal IP addresses...
CVE-2022-3881
CVE-2022-3881 concerns the WordPress WPTools plugin, affected versions before 3.43. The issue is improper authorization and CSRF in an AJAX action, allowing any authenticated user (e.g., a subscriber) to install and activate arbitrary plugins from wordpress.org. Root cause: missing CSRF/authoriza...
Semrush: php info file and sql backup at vendor's subdomain
Researcher found open /phpinfo.php and sql backup from mvp app at vendor's subdomain. There was no sensitive data...
grou.ps Improper Access Control vulnerability OBB-1802803
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| grou.ps ---|--- Open Bug Bounty Program...
U.S. Dept Of Defense: PHP info page disclosure
Summary: phpinfo is a debug functionality that prints out detailed information on both the system and the PHP configuration. Step-by-step Reproduction Instructions 1.Go to https://███████phpinfo Impact An attacker can obtain information such as: •Exact PHP version. •Exact OS and its version...
MTN Group: PHP Info Exposing Secrets at https://radio.mtn.bj/info
Summary: During recon I discovered a PHP Info file exposing environment variables such as; Laravel APPKEY, Database username/password, SMTP username/password, etc. Steps To Reproduce: Visit the following URL; https://radio.mtn.bj/info You will be presented with a PHP Info file exposing environmen...
Unikrn: multiple vulnerabilities on your mautic server
Hi @unikrn! I found some vulnerabilities in you crm server: 1. By pass Cloudflare access: You Use Cloudflare Access on https://crm.unikrn.com . BUt this link bypassed Cloudflare Access: ████████/login This vulnerability generates the disclosure of important data: PHP info page: ██████████phpinfo ...
ThinkPHP 5.x Remote Code Execution
Exploit Title: ThinkPHP 5.x v5.0.23,v5.1.31 Remote Code Execution Date: 2018-12-11 Exploit Author: VulnSpy Vendor Homepage: https://thinkphp.cn Software Link: https://github.com/top-think/framework/ Version: v5.x below v5.0.23,v5.1.31 CVE: N/A Exploit...
Mail.ru: [moba.my.com] phpinfo, logs
PHP info and fragment of access logs were available...
Boost My Campaign 1.1 Information Disclosure
======================================================================================================= | Title : Boost My Campaign 1.1 Unauthenticated Administrative Access Vulnerability | | Author : indoushka | | email : [email protected] | | Tested on : windows 10 FranASSais V.Pro | |...
WordPress W3 Total Cache 0.9.4.1 Race Condition
------------------------------------------------------------------------ Information disclosure race condition in W3 Total Cache WordPress Plugin ------------------------------------------------------------------------ Sipke Mellema, July 2016...
Boozt Fashion AB: PHP info page disclosure on http://www.day.dk/
Hi, Boozt team. Description: phpinfo is a debug functionality that prints out detailed information on both the system and the PHP configuration. Step to reproduce: 1. Go to http://www.day.dk/check.php An attacker can obtain information such as: •Exact PHP version. •Exact OS and its version...
蝉知CMS5.3 CRSF getshell
简要描述: 蝉知CMS5.3 CRSF getshell 详细说明: /system/module/package/control.php public function upload$type = 'extension' $this-view-canManage = array'result' = 'success'; if!$this-loadModel'guarder'-verify $this-view-canManage = $this-loadModel'common'-verifyAdmin; if$SERVER'REQUESTMETHOD' == 'POST'...
Zeuscart Information Disclosure Vulnerability
ZeusCart is an open source shopping system based on PHP and MySQL designed for small and medium-sized online stores. A security vulnerability exists in ZeusCart version 4. A remote attacker can exploit the vulnerability to obtain configuration information by calling the 'phpinfo' function in admi...
Drupal < 7.32 Pre Auth SQL Injection
No description provided by source. ?php // // / / / // / / // \ / / /// / / / / / / / / / // / / / , / // / // / / / / // / / / // ////||//// ///// /// // Poc for Drupal Pre Auth SQL Injection - c 2014 SektionEins // // created by Stefan Horst [email protected] // and Stefan Esser...
Hiverr 2.2 - Multiple Vulnerabilities
No description provided by source. Exploit Title: Hiverr v2.2 Multiple Vulnerabilities Date: 05.02.2013 Author: xStarCode Exploit Author: xStarCode Version: 2.2 Category: webapps Google Dork: Tested on: Linux Exploit: -----Index Vulnerabilities: == SQL Injections...