22 matches found
EUVD-2019-7921
Malware in sbrugna...
EUVD-2020-18547
Malware in sbrugna...
SPA-Cart eCommerce CMS Cross-Site Request Forgery Vulnerability
SPA-Cart eCommerce CMS is a CMS system from SPA-Cart Inc. A security vulnerability exists in SPA-Cart eCommerce CMS version 1.9.0.3 that stems from the presence of a cross-site request forgery (CSRF) vulnerability. An attacker can exploit the vulnerability to add an administrator user with role...
sunkaifei FlyCms Cross-Site Request Forgery Vulnerability
sunkaifei FlyCms is an open source application by sunkaifei: a fully open source social networking site builder, developed in Java and based on Q&A, similar to Zhihu. A security vulnerability exists in sunkaifei FlyCms version 1.0 that stems from the existence of cross-site request...
CVE-2022-36577
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add an admin...
JIZHICMS Cross-Site Request Forgery Vulnerability
JIZHICMS (極致网络科技) is an open source content management system (CMS) from JIZHICMS in China. Version v2.3.1 of JIZHICMS has a security vulnerability that stems from the existence of a CSRF vulnerability that can add administrators. No detailed vulnerability details are available at this time...
EC Cloud E-Commerce System Cross-Site Request Forgery Vulnerability
Amazon Web Services Ec Cloud E-Commerce System is a cloud-based e-commerce system from Amazon Web Services, Inc. A security vulnerability exists in EC Cloud E-Commerce System version 1.3, which allows an attacker to arbitrarily add an administrator account via "/admin.html?do=user&act=add"...
Dswjcms Cross-Site Request Forgery Vulnerability
Dswjcms is a free open source P2P project for individuals and personal lending. It is an industry system based on the ThinkPHP architecture, with a fully automated installation mode for quickly building a P2P website. Dswjcms version 1.6.4 has a cross-site request forgery vulnerabilit...
Cross-site request forgery (CSRF)
index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator...
CVE-2018-15851
An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add...
CVE-2018-12739
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266...
BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: A CSRF vulnerability exists in BEESCMSV4.0: The administrator can be added arbitrarily. Date: 2018-06-25 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9226389.html Software Link: http://www.beescms.com/ Version: BEESCMS - V4.0 CVE : CVE-2018-12739 A CSRF...
BEESCMS 4.0 Cross Site Request Forgery
Exploit Title: A CSRF vulnerability exists in BEESCMSV4.0: The administrator can be added arbitrarily. Date: 2018-06-25 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9226389.html Software Link: http://www.beescms.com/ Version: BEESCMS - V4.0 CVE : CVE-2018-12739 A CSRF...
LFCMS Cross-Site Request Forgery Vulnerability
LFCMS is a PHP content management program for film and television, developed on the ThinkPHP 3.2.3 framework and suitable for all kinds of video, film and television websites. A cross-site request forgery vulnerability exists in admin.php of LFCMS 3.7.0. Remote attackers can use this vulnerability to hijack...
DoorGets Cross-Site Request Forgery Vulnerability
doorGets is a content management system (CMS). The system supports multiple languages, system backups, theme changes, etc. A cross-site request forgery vulnerability exists in doorGets version 7.0 in dg-user/?controller=users&action=add. A remote attacker can exploit this vulnerability to ad...
CVE-2018-10266
BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/adminadmin.php?nav=listadminuser&adminpnav=user URI...
SDCMS V1.1 Arbitrary Administrator Addition Vulnerability in Frontend
SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. An arbitrary administrator addition vulnerability exists in the frontend of SDCMS V1.1; an attacker can use the vulnerability from the frontend to arbitrarily add an administrator account...
Espcms latest version backend has CSRF vulnerability
ESPCMS enterprise website management system is a powerful enterprise website management system built on LAMP. A CSRF vulnerability exists in the Espcms backend; attackers can use the vulnerability to forge cross-site requests and add new administrator users, resulting in information leakage...
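mcms latest version: injection via arbitrary field of arbitrary table + add administrator + arbitrary data deletion
Brief description: mcms latest version: injection via arbitrary field of arbitrary table + add administrator + arbitrary data deletion. Detailed description: Two days ago I reported two vulnerabilities on wooyun; they were confirmed and fixed within a day, and a new version was released, so I went to the official site and downloaded the latest one (v3.1.1.enterprise) to take a look and learn from it. Issue 1: injection via arbitrary field of arbitrary table. One injection: POST /app/user/info.php?m=save&ajax=1. The POST body has a parameter modelname, which is concatenated with the table prefix (TBPRE) to form the name of the table to operate on. modelname is not filtered when it is read, so injection is possible in the table name, and of course any field of any table can be used for the injection...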