1408 matches found

Positive Technologies
added 2024/07/10 12:0 a.m. · 3 views

PT-2024-5859 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16 Description: The issue is related to the GLPI system, which is an open-source asset and IT management software package providing ITIL Service Desk features, licenses tracking, and software auditing. An...

8.8 CVSS · 6.1 AI score · 0.13049 EPSS
Exploits: 1 · References: 25

0day.today
added 2024/06/05 12:0 a.m. · 434 views

WordPress Hash Form Plugin Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Hash Form Plugin RCE', 'Description' = %q The Hash Form – Drag & Drop Form Builder plugin for WordPress suffers from a critical...

9.8 CVSS · 7 AI score · 0.9323 EPSS
Exploits: 8

OSV
added 2024/05/28 4:15 p.m. · 1 views

CVE-2024-35324

Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php...

9.8 CVSS · 6.6 AI score
Exploits: 0 · References: 1

CNVD
added 2024/05/16 12:0 a.m. · 6 views

D-Link DAR-7000-40 Command Execution Vulnerability

The D-Link DAR-7000-40 is an Internet Behavior Audit Gateway from China AUO D-Link. The D-Link DAR-7000-40 suffers from a command execution vulnerability, which is caused by incorrect validation of file extensions in the interface/sysmanage/license authorization.php script. An attacker can exploi...

9.8 CVSS · 7.7 AI score · 0.0126 EPSS
Exploits: 0 · References: 1

Packet Storm
added 2024/02/05 12:0 a.m. · 364 views

Cacti pollers.php SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cacti RCE via SQLi in pollers.php', 'Description' = %q This exploit module leverages a SQLi CVE-2023-49085 and a LFI CVE-2023-49084 vulnerability...

8.8 CVSS · 7.4 AI score · 0.91404 EPSS
Exploits: 5

Metasploit
added 2024/02/02 7:51 p.m. · 241 views

Cacti RCE via SQLi in pollers.php

This exploit module leverages a SQLi CVE-2023-49085 and a LFI CVE-2023-49084 vulnerability in Cacti versions prior to 1.2.26 to achieve RCE. Authentication is needed and the account must have access to the vulnerable PHP script pollers.php. This is granted by setting the Sites/Devices/Data...

8.8 CVSS · 8.4 AI score · 0.91404 EPSS
Exploits: 5

GithubExploit
added 2023/12/27 2:14 p.m. · 607 views

Exploit for CVE-2023-6553

CVE-2023-6553 PoC LFI to RCE Unauthenticated Remote Code Ex...

9.8 CVSS · 9.8 AI score · 0.93531 EPSS
Exploits: 14

NVD
added 2023/11/22 5:15 p.m. · 10 views

CVE-2023-45377

In the module "Chronopost Official" chronopost for PrestaShop, a guest can perform SQL injection. The script PHP cancelSkybill.php own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

9.8 CVSS · 0.00081 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2023/11/22 12:0 a.m. · 2 views

CVE-2023-45377

In the module "Chronopost Official" chronopost for PrestaShop, a guest can perform SQL injection. The script PHP cancelSkybill.php own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

9.9 AI score · 0.00081 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2023/11/02 1:32 p.m. · 19 views

CVE-2023-42802 GLPI vulnerable to unallowed PHP script execution

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PH...

10 CVSS · 7.3 AI score · 0.06157 EPSS
Exploits: 0 · References: 2

OSV
added 2023/09/14 9:15 p.m. · 1 views

CVE-2023-38912

SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter...

9.8 CVSS · 6.1 AI score
Exploits: 0 · References: 2

NVD
added 2023/09/14 9:15 p.m. · 8 views

CVE-2023-38912

SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter...

9.8 CVSS · 9.7 AI score · 0.04057 EPSS
Exploits: 1 · References: 2

Prion
added 2023/09/14 9:15 p.m. · 16 views

Sql injection

SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter...

7.5 CVSS · 9.7 AI score · 0.04057 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/09/14 12:0 a.m. · 5 views

CVE-2023-38912

SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter...

8.6 AI score · 0.04057 EPSS
Exploits: 1 · References: 2

ATTACKERKB
added 2023/08/28 1:15 p.m. · 8 views

CVE-2023-40755

There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0...

6.1 CVSS · 6.4 AI score · 0.01496 EPSS
Exploits: 0 · References: 5

Packet Storm
added 2023/08/22 12:0 a.m. · 290 views

Color Prediction Game 1.0 SQL Injection

Exploit Title: Color Prediction Game v1.0 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...

7.1 AI score
Exploits: 0

0day.today
added 2023/08/21 12:0 a.m. · 216 views

Color Prediction Game v1.0 - SQL Injection Vulnerability

Exploit Title: Color Prediction Game v1.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/08/11 12:0 a.m. · 393 views

DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting

Title: DigaSell - Digital store PHP Script V1.0.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/08/09 12:0 a.m. · 260 views

Chatone Social Networking PHP Script 1.6 Add Administrator

Title: chatone social networking php script v1.6 Add Admin Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...

7.1 AI score
Exploits: 0

Positive Technologies
added 2023/07/27 12:0 a.m. · 1 views

PT-2023-27073 · Unknown · Gz Scripts Availability Booking Calendar Php

Name of the Vulnerable Software and Affected Versions: GZ Scripts Availability Booking Calendar PHP version 1.0 Description: A problematic issue has been found in the HTTP POST Request Handler component of the file index.php, where the manipulation of the promo code argument leads to cross site...

5.4 CVSS · 6.6 AI score · 0.00088 EPSS
Exploits: 1 · References: 5