7210 matches found
Cross-site Scripting in GeniXCMS
In GeniXCMS v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options via the introtitle and introimage parameters...
BloofoxCms Cross-Site Scripting Vulnerability (CNVD-2022-17027)
BloofoxCms is a PHP-based text content management system from the individual developer alexlang24. bloofoxCMS suffers from a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output data for the file and type parameters in index.php. An attacker...
CVE-2021-44608
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php...
CVE-2021-44610
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) langid, (3) tmplid, (4) modrewrite, (5) etadoctype, (6) metacharset, (7) defaultgroup, and (8) page group parameters in the settings mode in admin/index.php...
SQL injection
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) langid, (3) tmplid, (4) modrewrite, (5) etadoctype, (6) metacharset, (7) defaultgroup, and (8) page group parameters in the settings mode in admin/index.php...
Directory traversal
A Directory Traversal vulnerability exists in ProcessWire CMS before 2.7.1 via the download parameter to index.php...
Lfi-ProcessWire Cms Path Traversal Vulnerability
Ryan Cramer Design Lfi-ProcessWire Cms is a free Content Management System (CMS) and Framework (CMF) from Ryan Cramer Design (USA) designed to save you time and work the way you want. A path traversal vulnerability exists in Ryan Cramer Design Lfi-ProcessWire Cms versions prior to 2.7.1, which stems fr...
CVE-2022-23375
WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php...
Remote code execution
WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php...
CVE-2022-23375
WikiDocs version 0.1.18 contains an authenticated remote code execution vulnerability. An attacker can upload a malicious file via the image upload form through index.php, enabling remote code execution. Multiple connected sources corroborate the issue, including Red Hat and other advisories. The...
WikiDocs Security Vulnerability
WikiDocs is a database-free Markdown flat file Wiki engine from the personal developer Manuel Zavatta in Italy. WikiDocs suffers from a security vulnerability that stems from the fact that an attacker can exploit the vulnerability to upload malicious files via index.php using the image upload for...
Cross-site Scripting (XSS) - Generic
Description: The user-controlled GET user parameter in index.php is unsanitized, resulting in Cross-Site Scripting. Proof of Concept: Endpoint: GET https://HOST/edit/user File: /web/edit/user/index.php L11 // Check user argument if (empty($_GET['user'])) { header("Location: /list/user/"); exit; } Request...
Cross-site Scripting (XSS) - Reflected
Description: The user-controlled GET domain parameter in index.php is unsanitized, resulting in Reflected Cross-Site Scripting. Proof of Concept: Endpoint: GET https://HOST/edit/web/ // File: /web/edit/web/index.php L28 // List domain $vdomain = $_GET['domain']; // User controllable parameter if...
GHSA-75JP-87W2-C6X2 ThinkPHP Remote Code Execution (RCE) vulnerability
A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...
ThinkPHP Remote Code Execution (RCE) vulnerability
A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...
CVE-2021-44892
A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...
Remote code execution
A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...