354 matches found
CVE-2018-11527
CVE-2018-11527 affects CScms v4.1, where a Cross-site request forgery (CSRF) in plugins/sys/admin/Sys.php allows remote attackers to change the administrator’s username and password via /admin.php/sys/editpass_save. Exploitation details are not provided beyond the path, but the vulnerability enab...
CVE-2018-11527
An issue was discovered in CScms v4.1. A Cross-site request forgery CSRF vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpasssave...
Cscms v3.53.5 SQL Injection Vulnerability in Frontend
Cscms is a diversified content management system developed using PHP5+MYSQL as the technical basis. Cscms v3.53.5 has a SQL injection vulnerability in the frontend. An attacker can exploit the vulnerability to obtain sensitive information from the database...
Command Execution Vulnerability in Cscms v3.5 Backend
Cscms is a diversified content management system developed using PHP5+MYSQL as the technical basis. A command execution vulnerability exists in the backend of Cscms v3.5, which allows attackers to remotely execute commands and gain server privileges...
Cscms v4.1.8 Command Execution Vulnerability in Backend
Cscms is a diversified content management system developed using PHP5+MYSQL as the technical basis. Cscms v4.1.8 has a command execution vulnerability in the backend. An attacker can execute php commands by uploading malicious compressed files...
Arbitrary File Deletion Vulnerability in Cscms Version v4.1.8
Cscms is a diversified content management system developed using PHP5+MYSQL as the technical basis. Cscms v4.1.8 has an arbitrary file deletion vulnerability. An attacker can use this vulnerability to delete arbitrary files from the background and violently execute a reinstallation getshell...
File Write Vulnerability in Cscms v4.1.8
Cscms is a diversified content management system developed using PHP5+MYSQL as the technical basis. A file write vulnerability exists in Cscms v4.1.8, which is due to the system failing to effectively filter input parameters and file paths. An attacker can use this vulnerability to inject Trojan...
CSCMS /user/do.php SQL注入漏洞
No description provided by source...
CSCMS在app/controllers/api/count.php中存在sql注入
No description provided by source...
CSCMS 3.5.6 /app/controllers/user/reg.php SQL注入漏洞
No description provided by source...
Cscms 3.5 /app/controllers/dance.php SQL注入漏洞
No description provided by source...
CSCMS V3.5 最新补丁后 又一个SQL注射(源码详析)
简要描述: CSCMS V3.5 最新补丁后 又一个SQL注射(源码详析) 之前的注射已经修补了,但是还有几处注射点没有注意到 详细说明: 在addslash + 引号保护 的情况下 要格外注意数字型变量的处理 /app/controllers/home.php line:1020 public function gbookdel header"Expires: Mon, 26 Jul 1997 05:00:00 GMT"; header"Cache-Control: no-cache, must-revalidate"; header"Pragma: no-cache";...
CSCMS V3.5 最新版 SQL注射(官方站演示+源码详析)
简要描述: CSCMS V3.5 最新版 存在着注射漏洞,已经在官方演示站证实 http://demo.chshcms.com/ 代码分析在 详细说明 中,实站演示在 漏洞证明中 详细说明: /app/controllers/user/music.php line 16 public function index //用户会员中心-音乐-我分享的-中文舞曲 $data=''; //下面几句使用了xssclean,并不会过滤SQL注射字符,尤其是单引号 $yid = $this-security-xssclean$this-input-get'yid', TRUE;...
CSCMS V3.5 最新版 后台命令执行GETSHELL(源码详析)
简要描述: CSCMS V3.5 最新版 后台PHP命令执行GETSHELL(源码详析) CSCMS的全新架构加强了安全性,以往的一串漏洞均已修复, 读代码,发现还有新的漏洞 代码分析见详细说明,测试演示在漏洞证明里 详细说明: 漏洞位置为后台的 网站设置-第三方登录设置 中 有关代码如下: /app/controllers/admin/setting.php line:426 public function dengluedit //设置第三方登录的几项配置 $this-CsdjAdmin-AdminQx'4'; //注意,本处已使用xssclean过滤特定字符,之后的结论会用到...