PHP Scripts Mall Single Theater Booking Cross-Site Request Forgery Vulnerability

PHP Scripts Mall Single Theater Booking is an open source theater script. A cross-site request forgery vulnerability exists in PHP Scripts Mall Single Theater Booking. A remote attacker can use the admin/sitesettings.php file to change sensitive settings on the user panel, or even inject web scri...

Paid To Read Script 2.0.5 SQL Injection

Exploit Title: Paid To Read Script 2.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/paid-to-read-script/ Version: 2.0.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2017-17651...

Readymade Video Sharing Script 3.2 HTML Injection

Exploit Title: Readymade Video Sharing Script 3.2 - HTML Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Demo: http://www.smsemailmarketing.in/demo/videosharing/ Version: 3.2...

Western Digital MyCloud multi_uploadify File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :uri = '/web/', :pattern = /Apache/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initializeinfo=...

PHP Scripts Mall Foodspotting Clone Script SQL Injection Vulnerability

PHP Scripts Mall Foodspotting Clone Script is a PHP based online food and beverage ordering script by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Foodspotting Clone Script version 1.0. A remote attacker can exploit the vulnerability by sending the 'q' paramete...

Paid To Read Script 2.0.5 - 'uid' / 'fnum' / 'fn' SQL Injection

Exploit Title: Paid To Read Script 2.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/paid-to-read-script/ Version: 2.0.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2017-17651...

CVE-2017-17594

DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter...

Design/Logic Flaw

Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/useractivatesubmit.php aka the backend PHP script, which might allow remote attackers to obtain sensitive information via a direct request...

CVE-2017-17568

Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/useractivatesubmit.php aka the backend PHP script, which might allow remote attackers to obtain sensitive information via a direct request...

Sql injection

DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter...

CVE-2017-17594

DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter...

Car Rental Script 2.0.4 SQL Injection

Exploit Title: Car Rental Script 2.0.4 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/car-rental-script/ Version: 2.0.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihs...

Advanced Real Estate Script 4.0.7 SQL Injection

Exploit Title: Advanced Real Estate Script 4.0.7 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advanced-real-estate-script/ Version: 4.0.7 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...

MLM Forced Matrix 2.0.9 SQL Injection

Exploit Title: MLM Forced Matrix 2.0.9 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/mlm-forced-matrix/ Version: 2.0.9 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihs...

Opensource Classified Ads Script 3.2 SQL Injection

...

Multivendor Penny Auction Clone Script 1.0 SQL Injection

Exploit Title: Multivendor Penny Auction Clone Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/penny-auction-script/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...

Resume Clone Script 2.0.5 SQL Injection

Exploit Title: Resume Clone Script 2.0.5 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/resume-builder-script/ Version: 2.0.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Autho...

Basic Job Site Script 2.0.5 SQL Injection Vulnerability

Exploit for php platform in category web applications Ver Ayari 0day.today 2018-04-12...

Readymade Video Sharing Script 3.2 SQL Injection

Exploit Title: Readymade Video Sharing Script 3.2 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Version: 3.2 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...

Single Theater Booking Script 3.2.1 SQL Injection

Exploit Title: Single Theater Booking Script 3.2.1 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/single-theater-booking-script/ Version: 3.2.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...