12 matches found
Critical severity vulnerability in Ignition
The Ignition page before version 2.0.5 for Laravel mishandles globals, get, post, cookie, and env. NOTE: in the 1.x series, versions 1.16.15 and later are unaffected as a consequence of the CVE-2021-43996 fix...
CVE-2018-19836
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers including the Cookie header, and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such ...
CVE-2018-19836
MetInfo 6.1.3 is affected by CVE-2018-19836. The vulnerability stems from include/interface/applogin.php allowing arbitrary HTTP header manipulation (including Cookie) and common.inc.php registering variables from $_COOKIE. This combination can enable an attacker to influence request headers and ...
Privilege escalation
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because o...
Remote Code Execution (RCE) Through Deserialization
Subrion CMS is vulnerable to remote code execution (RCE). A malicious user can execute arbitrary code by passing a string of a serialized object to the server through $_COOKIE['salt'] when submitting a login request. This causes the server to execute the unserialize function that will result in...
Mastery oa 2015 \inc\common.inc.php approve_finish function injection vulnerability
Recently made public measured when encountered on a system, The 2015 version of the latest update date: 2016-07-22 Injection the analysis \inc\common.inc.php ? php function SecureRequest&$var if isarray$var foreach $var as $k = $v $var$k = securerequest$v; else if 0 strlen$var &&...
tccms v8: an injection vulnerability
Brief description: Insufficient filtering. Detailed description: In app/controller/picture.class.php: public $objName = 'picture'; public function all() { $Obj = M($this->objName); $categoryObj = M("category"); $Obj->pageSize = 20; $where = "1=1"; $key = $_POST['key']; $cid = $_GET['cid']; if ($key != "") $where .= " and id = '" . $key . "' or title like...
Scripteen Free Image Hosting Script 2.3 - SQL Injection
Scripteen Free Image Hosting Script v2.3 SQL Injection vulnerable. The vulnerable: header.php line 53-62 $userid=$_SESSION['userid']; $usergid=$_SESSION['usergid']; if (!$userid || empty($userid) || $userid=="") $userid = $_COOKIE['cookid']; if (!$usergid || empty($usergid)...
CuteNews 1.4.5 - Admin Password md5 Hash Fetching
<?php error_reporting(E_ALL); // Cutenews = 1.4.5 admin password md5 hash fetching exploit // Version 1.0 // written by Janek Vind "waraxe" //...
TCExam 4.0.011 - SessionUserLang Shell Injection
TCExam 4.0.011 - SessionUserLang Shell Injection resource = array(); // set selected language $this->language = strtoupper($language); // set filename for cache $this->cachefile = $cachefile; if (file_exists($this->cachefile)) { // read data from cache require_once($this->cachefile); $this->resource = $tmx; } else { i...
Php5 GPC bypass flaw-vulnerability warning-the black bar safety net
Before discussing the specific flaw, let us cover a little about PHP security. The magic_quotes_gpc option is one of PHP's important security settings. When the option is ON, all data passed in from GET, POST and COOKIE in the'," and,...
CVE-2004-2352
The CVE-2004-2352 entry documents a Cross-site Scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0. Affected component: GBook for PHP-Nuke 1.0; vulnerability type: XSS via cookies stored in the $_COOKIE variable that are not cleansed by PHP-Nuke. Impact: remote attackers could inject arbitrar...