all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Revenue Collection System 1.0 SQL Injection / Remote Code Execution

Add to bookmarks
Nov. 16, 2022, 4:13 p.m. |

Packet Storm packetstormsecurity.com

Revenue Collection System version 1.0 suffers from an unauthenticated SQL injection vulnerability in step1.php that allows remote attackers to write a malicious PHP file to disk. The resulting file can then be accessed within the /rates/admin/DBbackup directory. This script will write the malicious PHP file to disk, issue a user-defined command, then retrieve the result of that command.

code code execution collection injection remote code execution revenue sql sql injection system

Visit resource

More from packetstormsecurity.com / Packet Storm

Apache Solr Backup/Restore API Remote Code Execution an hour ago | packetstormsecurity.com
11.2 apache apache solr api +17
Ubuntu Security Notice USN-6748-1 an hour ago | packetstormsecurity.com
attack attacker cross-site issue +9
Ubuntu Security Notice USN-6747-1 an hour ago | packetstormsecurity.com
arbitrary code attacker code denial of service +16
Ubuntu Security Notice USN-6742-2 an hour ago | packetstormsecurity.com
attacker authentication bluetooth connections +11
Relate Learning And Teaching System SSTI / Remote Code Execution an hour ago | packetstormsecurity.com
batch code code execution exam +13
Nginx 1.25.5 Host Header Validation an hour ago | packetstormsecurity.com
bug header host malice +2
Red Hat Security Advisory 2024-2033-03 an hour ago | packetstormsecurity.com
advisory enterprise libreswan linux +5
Red Hat Security Advisory 2024-2011-03 an hour ago | packetstormsecurity.com
advisory buffer buffer overflow buffer overflow vulnerability +12
Red Hat Security Advisory 2024-2010-03 an hour ago | packetstormsecurity.com
advisory components crlf injection denial of service +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Specialist

@ Lely | Maassluis, Netherlands
View on infosec-jobs.com

IT Security Manager (Corporate Security) (REF822R)

@ Deutsche Telekom IT Solutions | Budapest, Hungary
View on infosec-jobs.com

Senior Security Architect

@ Cassa Centrale Banca - Credito Cooperativo Italiano | Trento, IT, 38122
View on infosec-jobs.com

Senior DevSecOps Engineer

@ Raft | Las Vegas, NV (Remote)
View on infosec-jobs.com

Product Manager - Compliance

@ Arctic Wolf | Remote - Colorado
View on infosec-jobs.com
View more jobs