448 matches found
CVE-2022-1561
The CVE-2022-1561 issue concerns Lura and KrakenD-CE before 2.0.2 and KrakenD-EE before 2.0.0 where URL parameters aren’t sanitized, enabling a crafted URL to alter the backend URL defined for a pipe. The vulnerability does not affect KrakenD itself, but the consumed backend may be vulnerable. Re...
ZZCMS SQL注入漏洞
zzcms Webmaster Merchants Content Management System, developed by the zzcms team, incorporates database optimization, content caching, AJAX and other technologies to make the site's security, stability, and load capacity is reliably guaranteed. The source code is open and the functional modules a...
GHSA-23X9-8HXR-978C OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
Verydows 路径遍历漏洞
Verydows is a lightweight open source e-commerce management system developed using the PHP language . Verydows v2.0 has a security vulnerability , an attacker can ackenddatabasecontroller.php for arbitrary file deletion...
PT-2022-13397 · 1Byte · Copy9 +8
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an Insecure Direct Object...
CVE-2021-46087
In jfinalcms = 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code...
CVE-2021-45014
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26...
WTCMS 跨站脚本漏洞
WTCMS is a content management system CMS based on ThinkPHP.A cross-site scripting vulnerability exists in the link fields under the menu management module of the WTCMS backend. No detailed vulnerability details are provided at this time...
WTCMS 跨站脚本漏洞
WTCMS is a content management system CMS based on ThinkPHP. a cross-site scripting vulnerability exists in the link address field under the link module of the WTCMS backend. No details of the vulnerability are currently available...
Github developer-be 代码问题漏洞
Edgegallery developer-be is a developer platform that provides development tools/testing environment/online deployment for App developers, divided into two parts: developer-be is the backend part, providing interface calls, and developer-fe is the frontend part, providing interface display...
Authorization Bypass
modsecurity-crs is vulnerable to authorization bypass. An attacker is able to exploit a vulnerability in the backend that results in a CRS request body bypass that abuses trailing pathname information...
Command Execution Vulnerability in CmsEasy Backend
CmsEasy is a web content management system based on PHP Mysql architecture and a PHP development platform. A command execution vulnerability exists in the CmsEasy backend. An attacker can exploit the vulnerability to gain server privileges...
Command Execution Vulnerability in Weiphp Backend
WeiPHP is an open source WeChat public platform development framework to build a personal WeChat public account operation platform. A command execution vulnerability exists in the Weiphp backend. Attackers can use the vulnerability to obtain server privileges...
SQL Injection Vulnerability in Ke361 Backend Ca***.cl***.php
Ke361 is an open source Taobao system, based on the latest ThinkPHP3.2 version of the development, to provide a more convenient and secure WEB application development experience, the Taobao system adopts a new architectural design and namespace mechanism, the integration of modular, driven and...
OurPHP backend has an arbitrary file read vulnerability
OurPHP is an enterprise e-commerce marketing website building system. OurPHP backend has an arbitrary file reading vulnerability, which can be exploited by an attacker to read any system file...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.19 and fixes at least the following security issues: An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An...
SQL injection vulnerability in SeaCMS backend (CNVD-2021-14497)
SeaCMS Ocean CMS is a web content management system based on PHP+MYSQL architecture and supports cross-platform operation. A SQL injection vulnerability exists in the backend of SeaCMS. An attacker can exploit this vulnerability to obtain sensitive information from the database...
Command Execution Vulnerability in songcms Backend
SongCMS is a PHP MySQL, ASP Access/SQL Server based development, enterprise-oriented, multi-language support, free, open source CMS to help business users to quickly build and deploy enterprise-level portals. A command execution vulnerability exists in the backend of songcms. An attacker can...
Command execution vulnerability in the backend of the Guojiz international web site navigation system (CNVD-2021-12802)
Guojiz International Website Navigation System is developed with ThinkPHP5.0 PHP7.0 Mysql Apache/Nginx/iis, a CMS program suitable for small and medium-sized webmasters to build websites. Guojiz international web site navigation system back-end command execution vulnerability, an attacker can use...
Exploit for Improper Authentication in Projectsend
This repository contains the description of the vulnerability fo...