774 matches found
CVE-2023-46482
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component...
Sql injection
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component...
PT-2023-30045 · Wuzhicms · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: wuzhicms version 4.1.0 Description: The issue allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. This is a SQL injection vulnerability...
WUZHI CMS Security Vulnerabilities
WUZHI CMS is a PHP and MySQL based open source content management system CMS from WUZHI. A security vulnerability exists in WUZHI CMS version v.4.1.0, which originates from the presence of a SQL injection vulnerability that allows remote attackers to execute arbitrary code via the database backup...
CVE-2023-46482
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component...
CVE-2023-46482
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component...
Design/Logic Flaw
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...
CVE-2023-5263 ZZZCMS Database Backup File save.php restore permission
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...
CVE-2023-5263 ZZZCMS Database Backup File save.php restore permission
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...
CVE-2023-5263
The CVE concerns ZZZCMS 2.1.7. It targets the restore function in the Database Backup File Handler’s /admin/save.php, where improper handling leads to permission issues. The vulnerability can be exploited remotely, and public disclosures exist (exploit has been disclosed). Affected component: Dat...
PT-2023-31984 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZZCMS version 2.1.7 Description: A critical issue was found in the restore function of the /admin/save.php file, part of the Database Backup File Handler component. This issue leads to permission problems and can be exploited remotely. The...
CVE-2023-41335
CVE-2023-41335 affects the Synapse Matrix homeserver. When users update passwords, the new credentials may be briefly held in the server’s database, potentially ending up in backups longer than expected. The issue does not grant new capabilities but violates expectations around password storage. ...
CVE-2022-46901
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...
Migrate Citrix Virtual Apps and Desktop databases to a new SQL server
Please follow these steps. 1.Close all instances of Citrix studio. Any configuration changes even through powershell to be stopped while following the stepsYou can power down DDCs to be extra cautious Take VM snapshot or take backup of all Delivery Controllers. 2. Take full backup of Site, Monito...
WordPress Backup Migration 1.2.8 Backup Disclosure
Exploit Title: WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup Google Dork: intitle:"Index of /wp-content/plugins/backup-backup" AND inurl:"plugins/backup-backup/" Date: 2023-05-10 Exploit Author: Wadeek Vendor Homepage: https://backupbliss.com/ Software Link:...
WordPress Backup Migration 1.2.8 Plugin - Unauthenticated Database Backup Vulnerability
Exploit Title: WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup Google Dork: intitle:"Index of /wp-content/plugins/backup-backup" AND inurl:"plugins/backup-backup/" Exploit Author: Wadeek Vendor Homepage: https://backupbliss.com/ Software Link:...
Citrix Endpoint Management (aka XenMobile Server) 10.15.0 Rolling Patch 2
Package name: xms10.15.0.10220.bin For: XenMobile Server 10.15.0 Deployment type: On-premises only Replaces: xms10.15.0.10125.bin Date: April 2023 Languages supported: English US Important notes about this update As a best practice, Citrix recommends that you install this and other updates to...
SQL Injection leads to code execution
Description This vulnerability allows the attacker to leverage a SQL injection attack in the database backup functionality to write arbitrary data to an arbitrary file on disk anywhere where the user can write. This includes the webroot in a default installation allowing the attack to place a web...
Local file inclusion leading to RCE
Description The api handling endpoint allows for a local file inclusion that can lead to remote code execution. It requires a valid api token which can be obtained via a database backup with account access, a number of different sql injections with account access, or stolen from a user. Proof of...
Revenue Collection System 安全漏洞
Revenue Collection System is a land property billing and payment software by Carlo Montero Individual Developer. A security vulnerability exists in Revenue Collection System version v1.0 that stems from improper access control of its /admin/DBbackup/ component allowing an unauthenticated attacker...