13 matches found
Command Execution Vulnerability in Rice CMS (CNVD-2020-32477)
DAMI CMS is a free, open-source, fast and simple all-in-one system for building PC and mobile websites. A command execution vulnerability exists in Dami CMS, which attackers can exploit to execute malicious code and obtain server administrative privileges...
Command Execution Vulnerability in Rice CMS (CNVD-2020-32478)
DAMI CMS is a free, open-source, fast and simple all-in-one system for building PC and mobile websites. A command execution vulnerability exists in Dami CMS, which attackers can exploit to execute malicious code and obtain server administrative privileges...
Stored Cross-Site Scripting Vulnerability in the Dami CMS da***.me***.php File (CNVD-2019-06660)
DAMI CMS is an all-in-one system for building PC and mobile websites. A stored cross-site scripting vulnerability exists in the dam.mem.php file of Dami CMS. An attacker can insert malicious JavaScript code into the page to obtain user cookies and other information, leading ...
DamiCMS Directory Traversal Vulnerability
DamiCMS is a content management system (CMS) for building websites quickly. A directory traversal vulnerability exists in the admin.php file in DamiCMS version 6.0.1, which can be exploited to read file contents by using the '|' character in the 's' parameter...
DamiCMS Cross-Site Request Forgery Vulnerability
DamiCMS is a content management system (CMS) for building websites quickly. A cross-site request forgery vulnerability exists in DamiCMS version 6.0.0. A remote attacker can exploit this vulnerability to add an administrator account via the admin.php?s=/Admin/doadd URL...
Arbitrary File Read Vulnerability in Rice CMS v5.5.3
DAMI CMS is a free, open-source, fast and simple integrated system for building PC and mobile websites, committed to providing users with simple, fast PC and smartphone site-building solutions. Version V5.5.332017-04-15 of DAMI CMS has an arbitrary file read vulnerability, whi...
Cross-Site Scripting Vulnerability in Dami CMS v5.5.3
DAMI CMS is a free, open-source, fast and simple integrated system for building PC and mobile websites, committed to providing users with simple, fast PC and smartphone site-building solutions. A cross-site scripting vulnerability exists in version V5.5.332017-04-15 of DAMI CMS, whic...
Code Execution Vulnerability in Rice CMS v5.5.3
DAMI CMS is a free, open-source, fast and simple integrated system for building PC and mobile websites, committed to providing users with simple, fast PC and smartphone site-building solutions. A code execution vulnerability exists in version V5.5.32017-04-15 of DAMI CMS, which can b...
Directory Traversal Vulnerability in Rice CMS v5.5.3
DAMI CMS is a free, open-source, fast and simple integrated system for building PC and mobile websites, committed to providing users with simple, fast PC and smartphone site-building solutions. A directory traversal vulnerability exists in version V5.5.332017-04-15 of DAM...
SQL Injection Vulnerability in Multiple Backend Locations in Dami CMS v5.9.9
DAMI CMS is a free, open-source, fast and simple integrated system for building PC and mobile websites, committed to providing users with simple, fast PC and smartphone site-building solutions. A SQL injection vulnerability exists in several places in the backend of DAMI CMS...
Arbitrary File Read Vulnerability in Rice CMS
DAMI CMS is a free, open-source, fast and simple integrated system for building PC and mobile websites, committed to providing users with simple, fast PC and smartphone site-building solutions. A vulnerability exists in version 5.9.9 of DAMI CMS, which can be exploited by...
SQL Injection Vulnerability in Rice CMS v5.99
DAMI CMS is a free, open-source, fast and simple integrated system for building PC and mobile websites, committed to providing users with simple, fast PC and smartphone site-building solutions. There is a SQL injection vulnerability in the backend of DAMI CMS v5.99, which ca...
A SQL Injection in Dami CMS (大米CMS)
Brief description: As in the title. Details: I submitted this once before but did not explain the cause clearly; after looking at it for a long while I have figured it out. In the file \Web\Lib\Action\MemberAction.class.php, lines 147-163: function modpage() { self::islogin(); $aid = intval($_REQUEST['aid']); if ($_POST) { $_POST['status'] = 0; $_POST['title'] = htmlspecialchars($_POST['title']); M('article')->where('damiuid='.$_SESSION['damiuid'].' and aid='.$aid)->save($_POST);...