Tag
#php
The ABB BMS/BAS controller is operating with default and hard-coded credentials contained in install package while exposed to the Internet.
The ABB Cylon Aspect version 3.07.00 BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the host HTTP GET parameter called by networkDiagAjax.php script.
PHP SPM version 1.0 suffers from a PHP code injection vulnerability.
PHP ACRSS version 1.0 suffers from a PHP code injection vulnerability.
Online mcq System version 1.0 suffers from a cross site scripting vulnerability.
Online Job Search System version 1.0 suffers from an arbitrary file upload vulnerability.
Online Flight Booking System version 1.0 suffers from an arbitrary file upload vulnerability.
Multi Branch School Management System version 3.5 suffers from a backup disclosure vulnerability.
Complete Multi Hospital Management System version 1.0 suffers from a backup disclosure vulnerability.
Traccar version 5.1 suffers from a PHP code injection vulnerability.