Design/Logic Flaw
An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2018-21252)
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in the...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2018-21249)
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in the...
CVE-2018-18324
CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fmcurrentdir parameter, or the admin/index.php module, servicestart, servicefullstatus, servicerestart, servicestop, or file within the fileeditor parameter...
CVE-2018-18270
XSS exists in CMS Made Simple version 2.2.7 via the m1newsurl parameter in an admin/moduleinterface.php "Content--News--Add Article" action...
GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers
Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials. Dubbed...
CVE-2018-12491
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the importf function in framework/admin/moduleccontrol.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944...
CMS Made Simple Arbitrary File Deletion Vulnerability (CNVD-2018-08982)
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. An arbitrary file deletion vulnerability exists in...
CVE-2018-10031
CMS Made Simple aka CMSMS 2.2.7 has CSRF in admin/moduleinterface.php...
CVE-2018-10026
The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php...
CVE-2018-7893
CMS Made Simple CMSMS 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2018-06376)
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in the...
CVE-2018-7219
application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2018-02620)
CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and the Smarty template engine. A cross-site scripting vulnerability exists in CMS Made Simple (CMSMS) 2.2.5. The vulnerability can be exploited to conduct cross-site scripting attacks via the m1errors...
CVE-2017-16799
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882...
SLiMS Cross-Site Request Forgery Vulnerability
SLiMS 8 Akasia is an open source, free library management system. A security vulnerability exists in SLiMS 8 Akasia 8.3.1 and earlier versions. A remote attacker can leverage the 'passwd1' and 'passwd2' parameters in the admin/modules/system/appuser.php changecurrent=true operation to trick users into...
CVE-2017-7363
Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack...
ShopBuilder module\adv\admin\adv.php, etc.: 5 SQL injections
ShopBuilder is a professional-grade e-commerce mall system designed for large and medium-sized enterprises. It is powerful, safe and convenient, can carry tens of millions of views, and lets an enterprise quickly build an online mall at low cost, turn on the e-Commerce...
OurPHP Server-Side Request Forgery Vulnerability
OurPHP (Aopai Website Building System) is a website content management system developed in PHP by Harbin Weicheng Technology Co. The upload file management module under the "Global/Interface" module in the OurPHP administration back end has a hidden remote file download function. Since the...