168 matches found
CVE-2021-46093
CVE-2021-46093 details (connected documents): eliteCMS v1.0 is vulnerable to an insecure permissions/file upload issue via manage_uploads.php. Multiple sources describe a web content management platform (Elite Graphix Elite Cms) affected by a file upload vulnerability that, due to lack of proper ...
eliteCMS 1.0 'page' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30990/info eliteCMS is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Attackers may exploit this issue to compromise the application, access or modify data, or exploit...
elitecms 1.01 (sql/xss) Multiple Vulnerabilities
No description provided by source. eliteCMS 1.01 SQL/XSS Multiple Remote Vulns by xenohive greets to daganarus, dearest of all my friends. SQL injection requires magicquotes = off -/includes/functions.php --------------------------------- 89. function getpagesettings ... 92. $query = SELECT FROM...
eliteCMS installation file did not validate + the word written to the security vulnerability-vulnerability warning-the black bar safety net
eliteCMS installation program after the installation is not locked, cause hackers can access setup addresses repeat the installation 另外 一 个 漏洞 是 安装 程序 可以 直接 写 入 一句话 到 admin/includes/config.php We look at the code: ... elseif $GET'step' == "4" $file = "../admin/includes/config.php"; $write = "?...
eliteCMS Multiple Cross Site Scripting Vulnerabilities
eliteCMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the conte...
eliteCMS Multiple Cross Site Scripting Vulnerabilities
eliteCMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the conte...
eliteCMS 1.01 - Multiple Cross-Site Scripting Vulnerabilities
eliteCMS 1.01 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/41537/info eliteCMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An...
eliteCMS 1.01 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/41537/info eliteCMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute arbitrary script cod...
eliteCMS 1.01 Cross Site Request Forgery
Vulnerability ID: HTB22355 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinelitecms.html Product: eliteCMS Vendor: Elite Graphix Vulnerable Version: 1.01 and Probably Prior Versions Vendor Notification: 19 April 2010 Vulnerability Type: CSRF Cross-Site Request Forgery Status: Not Fixed, Vend...
eliteCMS Cross Site Scripting
Vulnerability ID: HTB22354 Reference: http://www.htbridge.ch/advisory/xssinelitecms.html Product: eliteCMS Vendor: Elite Graphix Vulnerable Version: 1.01 and Probably Prior Versions Vendor Notification: 18 April 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed, Vendor Alerted,...
XSRF (CSRF) in eliteCMS
Vulnerability ID: HTB22355 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinelitecms.html Product: eliteCMS Vendor: Elite Graphix Vulnerable Version: 1.01 and Probably Prior Versions Vendor Notification: 19 April 2010 Vulnerability Type: CSRF Cross-Site Request Forgery Status: Not Fixed, Vend...
XSS in eliteCMS
Vulnerability ID: HTB22354 Reference: http://www.htbridge.ch/advisory/xssinelitecms.html Product: eliteCMS Vendor: Elite Graphix Vulnerable Version: 1.01 and Probably Prior Versions Vendor Notification: 18 April 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed, Vendor Alerted,...
Cross-site Scripting Vulnerabilities in eliteCMS
High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in eliteCMS which could be exploited to perform cross-site scripting XSS attacks. 1 Cross-site scripting XSS vulnerabilities in eliteCMS 1.1 An input sanitation error was found in the "page" parameter in...
eliteCMS Detection
This host is running eliteCMS a free, PHP and MySQL driven Content Management System. OpenVAS Vulnerability Test $Id: eliteCMSdetect.nasl 5721 2017-03-24 14:42:01Z cfi $ eliteCMS Detection Authors: Michael Meyer Copyright: Copyright c 2009 Greenbone Networks GmbH This program is free software; yo...
eliteCMS multiple Vulnerabilities
eliteCMS is prone to a vulnerability that lets attackers upload and execute arbitrary PHP code. The application is also prone to a cross-site scripting issue and to a SQL Injection Vulnerability. These issues occur because the application fails to sufficiently sanitize user-supplied input...
eliteCMS Detection
This host is running eliteCMS a free, PHP and MySQL driven Content Management System. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...
eliteCMS Multiple Vulnerabilities
eliteCMS is prone to a vulnerability that lets attackers upload and execute arbitrary PHP code. The application is also prone to a cross-site scripting issue and to a SQL Injection Vulnerability. These issues occur because the application fails to sufficiently sanitize user-supplied input...
eliteCMS 1.01 XSS / SQL Injection
eliteCMS 1.01 SQL/XSS Multiple Remote Vulns by xenohive greets to daganarus, dearest of all my friends. SQL injection requires magicquotes = off -/includes/functions.php --------------------------------- 89. function getpagesettings ... 92. $query = "SELECT FROM pages WHERE id = '$GET'page''"; 93...
eliteCMS 1.01 (SQL/XSS) Multiple Remote Vulnerabilities
No description provided by source. eliteCMS 1.01 SQL/XSS Multiple Remote Vulns by xenohive greets to daganarus, dearest of all my friends. SQL injection requires magicquotes = off -/includes/functions.php --------------------------------- 89. function getpagesettings ... 92. $query = "SELECT FROM...
eliteCMS 1.01 (SQL/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ======================================================= eliteCMS 1.01 SQL/XSS Multiple Remote Vulnerabilities ======================================================= eliteCMS 1.01 SQL/XSS Multiple Remote Vulns by xenohive greets to...