89 matches found
Stored XSS Vulnerability in BEESCMS Enterprise Website Management System admin_book.php Backend
BEESCMS is an enterprise website management system. A stored XSS vulnerability exists in the 'adminbook.php' backend of BEESCMS. An attacker can exploit this vulnerability to implant cross-site script files and obtain sensitive information such as user cookies...
BEESCMS admin/admin_pic.php has an arbitrary file upload vulnerability
BEESCMS is a content management system. A file upload vulnerability exists in the BEESCMS admin/adminpic.php page, which allows attackers to exploit the vulnerability by modifying the filename suffix to php to upload webshell files...
BeesCMS _V4.0_R_20160525 SQL注射(突破全局防护)
后台登录处验证码设计缺陷漏洞 首先是后台登录页面/admin/login.php验证码形同虚设,一次验证后在不刷新的情况下可以多次提交请求。这就为这里的注入提供了前提条件。 SQL Injection 在admin/login.php中,登录处的核心代码是: php //判断登录 elseif$action=='cklogin' global $submit,$user,$password,$sys,$code; $submit=$POST'submit'; $user=flhtmlflvalue$POST'user';...
Beescms V4.0 在文件mx_form.php处存在后台登陆绕过漏洞
No description provided by source...
BEESCMS V4.0的文件member.php存在多处注入漏洞
No description provided by source...
BEESCMS 3.4 /admin.php 登录绕过漏洞
No description provided by source...
BEESCMS 3.3 /order_save.php SQL注入漏洞
No description provided by source...
beescms 3.3 /mx_form/order_save.php SQL注入漏洞
No description provided by source...
BEESCMS 3.4 order_save.php SQL注入漏洞
No description provided by source...