7 matches found
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description Reflected XSS in playlists.php when a user asked to add a note in Sequence Entry, resulting in XSS. 🕵️‍♂️ Proof of Concept https://drive.google.com/file/d/1uU9IxbH3A45V8BSgtFOBrc5Gwj7S7k56/view?usp=sharing 💥 Impact This vulnerability is capable of doing Reflected XSS...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description FalconChristmas/fpp suffers from an XSS vulnerability. In https://github.com/FalconChristmas/fpp/blob/master/www/playlists.php#L15 we see: php var initialPlaylist = ""; XSS is possible because the playlist variable isn't sanitized before reflection in the webpage. 🕵️‍♂️ Proof of...
PHP Melody 2.6.1 SQL Injection Vulnerability
Exploit for php platform in category web applications. PHP Melody 2.6.1 SQL Injection. Author: Venkat Rajgor. Email: email protected. Vulnerability: SQL injection ---------info...
PHP Melody 2.6.1 SQL Injection
PHP Melody 2.6.1 SQL Injection. Author: Venkat Rajgor. Email: [email protected]. Vulnerability: SQL injection. Info Cms: name : PHP Melody version 2.6.1 email :...
CVE-2017-15081
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php...
SQL injection
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php...
CVE-2017-15081
CVE-2017-15081 : In PHPSUGAR PHP Melody CMS 2.6.1, there is a SQL Injection in the parameter playlist of playlists.php. The vulnerability is demonstrated in public exploit listings (e.g., payloads showing UNION-based injections) and CNVD/CVE records describe that an attacker can inject SQL to acc...