Church Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
Church Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
Online Food Ordering System 2.0 – Remote Code Execution (RCE) (Unauthenticated)
WordPress 5.7 – ‘Media Library’ XML External Entity Injection (XXE) (Authenticated)
Church Management System 1.0 – ‘search’ SQL Injection (Unauthenticated)
T-Soft E-Commerce 4 – change ‘admin credentials’ Cross-Site Request Forgery (CSRF)
Simple Attendance System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Cloudron version 6.2 suffers from a cross site scripting vulnerability.
Library Management System version 1.0 suffers from a remote blind time-based SQL injection vulnerability.
WordPress WooCommerce Booster plugin version 5.4.3 suffers from an authentication bypass vulnerability.
This Metasploit module exploits a buffer overflow within the ‘action’ parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions…