8 matches found
CVE-2025-15250 08CMS Novel System Template mtpls.inc.php code injection
A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been...
08CMS Novel System 代码注入漏洞
08CMS Novel System is a novel system of China Dingdot 08CMS company. A code injection vulnerability exists in 08CMS Novel System 3.4 and earlier versions, which stems from incorrect manipulation of the file admina/mtpls.inc.php in the component Template Handler, which can lead to code injection...
08cms (=1.0.0), 1pif-to-keepass (=0.1.0) +6782 more potentially affected by CVE-2022-21222 via css-what (>=1.0.0 <=2.1.0)
css-what NPM version =1.0.0, =0.0.1, =0.1.0, =0.0.1, =0.0.0, =1.0.0, =1.0.1, =0.0.1, =2.0.0, =2.2.0 - @battlemidget/generator-nm =1.4.1 - @benzed/dev =0.9.0 and more Source cves: CVE-2022-21222 Source advisory: OSV:GHSA-P28H-CC7Q-C4FG...
08cms (=1.0.0), 18a58t9c-upload (>=1.0.0 <=1.0.3) +3477 more potentially affected by CVE-2022-25851 via jpeg-js (>=0.0.1 <=0.4.3)
jpeg-js NPM version =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.2, =0.0.1, =0.0.3, =1.0.0, =0.0.2, =2.2.1, =3.4.7 - @lan/uni-libs =0.0.3 and more Source cves: CVE-2022-25851 Source advisory: OSV:GHSA-XVF7-4V9Q-58W6...
Stored Cross-Site Scripting Vulnerability in 08CMS Auto Portal System Rental Function
08CMS Automotive Portal System is a high-end solution for automotive portals, based on PHP+MYSQL development, super static page deployment, template and program separation, scalable architecture, open code, unlimited support for deep secondary development. A stored cross-site scripting...
08CMS info.php 参数tblprefix SQL注入漏洞
0x01影响范围 08cms广泛应用于汽车、房产系统。厂商: http://www.08cms.com/ 08cms 谷歌关键字用户量很大: 0x02漏洞描述 08cms在文件info.php处对参数tblprefix过滤不严格,导致出现SQL注入漏洞。远程攻击者可以构造SQL语句,执行恶意操作。 0x03漏洞详情 SQL注入点: /info.php?fid=1&tblprefix=cmsmsession tblprefix存在注入 0x04漏洞证明 可以构造如下poc进行利用: http://.com/info.php?fid=1&tblprefix=cmsmsession where...
08cms 4 /include/paygate/alipay/pays.php SQL注入漏洞
No description provided by source...
08CMS novel search-injected - scripts vulnerability-vulnerability warning-the black bar safety net
By: thexiaoCon A large cow, don't shoot the bricks, for the first time. | The following is quoted fragment: //Search for the word pre-processing $searchword = empty$searchword ? ": cutstrtrim$searchword,5 0,"; $da'searchword' = $searchword; if$searchword $filterstr .= $filterstr ? '&' :...