7 matches found
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description Reflected XSS in playlists.php when a user asked to add a note in Sequence Entry, resulting in XSS. 🕵️♂️ Proof of Concept https://drive.google.com/file/d/1uU9IxbH3A45V8BSgtFOBrc5Gwj7S7k56/view?usp=sharing 💥 Impact This vulnerability is capable of doing Reflected XSS...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description FalconChristmas/fpp suffer from a XSS vulnerability. In https://github.com/FalconChristmas/fpp/blob/master/www/playlists.phpL15 we see : php var initialPlaylist = ""; XSS is possible because the playlist variable isn't sanitized before reflection in the webpage. 🕵️♂️ Proof of...
PHP Melody 2.6.1 SQL Injection Vulnerability
Exploit for php platform in category web applications --------------------------------------------------- PHP Melody 2.6.1 SQL Injection --------------------------------------------------- + Author : Venkat Rajgor + Email : email protected + Vulnerability : SQL injection ---------info...
PHP Melody 2.6.1 SQL Injection
--------------------------------------------------- PHP Melody 2.6.1 SQL Injection --------------------------------------------------- + Author : Venkat Rajgor + Email : [email protected] + Vulnerability : SQL injection ---------info Cms---------------- name : PHP Melody version 2.6.1 email :...
Sql injection
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php...
CVE-2017-15081
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php...
CVE-2017-15081
CVE-2017-15081 : In PHPSUGAR PHP Melody CMS 2.6.1, there is a SQL Injection in the parameter playlist of playlists.php. The vulnerability is demonstrated in public exploit listings (e.g., payloads showing UNION-based injections) and CNVD/CVE records describe that an attacker can inject SQL to acc...