PT-2024-15964 · Sichuan Yougou Technology · Kuerp
Name of the Vulnerable Software and Affected Versions: Sichuan Yougou Technology KuERP versions up to 1.0.4 Description: A critical vulnerability was found in the function checklogin of the file /application/index/common.php. The manipulation of the arguments App User id and App user Token leads ...
CVE-2024-0648
A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit...
Out-of-bounds
A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit...
CVE-2024-0648 Yunyou CMS Common.php unrestricted upload
A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit...
YUNUCMS Code Issues Vulnerabilities
YUNUCMS is a website CMS. YUNUCMS 2.2.6 and earlier versions have a code issue vulnerability, the vulnerability stems from the parameter templateFile in file /app/index/controller/Common.php has an arbitrary file upload vulnerability...
Command injection
A vulnerability was found in DolphinPHP up to 1.5.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file common.php of the component Incomplete Fix CVE-2021-46097. The manipulation of the argument id leads to os command injection. The attack ca...
CVE-2023-0935 DolphinPHP Incomplete Fix CVE-2021-46097 common.php os command injection
A vulnerability was found in DolphinPHP up to 1.5.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file common.php of the component Incomplete Fix CVE-2021-46097. The manipulation of the argument id leads to os command injection. The attack ca...
CVE-2023-0935 DolphinPHP Incomplete Fix CVE-2021-46097 common.php os command injection
A vulnerability was found in DolphinPHP up to 1.5.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file common.php of the component Incomplete Fix CVE-2021-46097. The manipulation of the argument id leads to os command injection. The attack ca...
PT-2023-16623 · Unknown · Dolphinphp
Name of the Vulnerable Software and Affected Versions: DolphinPHP versions up to 1.5.1 Description: A critical issue was found in DolphinPHP, affecting an unknown functionality of the file common.php. The manipulation of the id argument leads to os command injection. This issue can be exploited...
DolphinPHP Code Issue Vulnerability
DolphinPHP is an open source PHP rapid development framework based on ThinkPHP 5.1.34 LTS. A security vulnerability exists in DolphinPHP v1.5.0, which stems from a lack of command data filtering and escaping in common.php, allowing an attacker to perform remote code execution...
SQL Injection
codeigniter4/framework is vulnerable to SQL injection. The old function in system/Common.php does not properly sanitize the user input, which allows a remote attacker to inject arbitrary SQL commands to the APIs...
CVE-2020-13764
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call...
Design/Logic Flaw
The removeXSS function in App/Common/common.php called from App/Modules/Index/Action/SearchAction.class.php in EasyCMS v1.4 allows XSS via an onhashchange event...
CVE-2018-16759
The removeXSS function in App/Common/common.php called from App/Modules/Index/Action/SearchAction.class.php in EasyCMS v1.4 allows XSS via an onhashchange event...
CVE-2018-16759
The CVE-2018-16759 entry concerns EasyCMS v1.4. The vulnerability is in the removeXSS function (App/Common/common.php), invoked by App/Modules/Index/Action/SearchAction.class.php, which allows cross-site scripting via an onhashchange event. The issue is concretely described across multiple source...
Variable Override Vulnerability in DuomiCms_V1.32
DuomiCms is a specialized video-on-demand system. A variable override vulnerability exists in the common.php page of DuomiCms version 1.32. An attacker can exploit the vulnerability to cause arbitrary login in the background...
mxBB Module mx_tinies <= 1.3.0 - Remote File Include Vulnerability
No description provided by source. mxtinies 1.3.0 common.php File Include Vulnerability; Bugfounder: bd0rk || SOH-Crew; Homepage1: www.soh-crew.it.tt; Homepage2: www.school-of-hack.de; eMail:...
RedBLoG 0.5 common.php root_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/20115/info The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
nitrotech 0.0.3a (rfi/sql) Multiple Vulnerabilities
No description provided by source. Name: Nitrotech 0.0.3a Multiple Remote Vulnerabilities Download: http://sourceforge.net/project/downloading.php?groupname=nitrotech&filename=nitrotech003a.zip&usemirror=garr Author: Osirys, thanks to x0r Contact: [email protected] Nitrotech cms is vulnerable to...
Post Revolution <= 0.7.0 RC 2 (dir) Remote File Inclusion Vulnerability
No description provided by source. Post Revolution Remote File Inclusion; Affected Software: Post Revolution 6.6 / 7.0 Release Candidate 2; Download: http://www.fabio.com.ar/postrev/ ; Risk: high; Date: 25/3/2007; Found by: InyeXion; Contact:...