Joomla! Component VMap 1.9.6 - SQL Injection
Joomla! Component VMap 1.9.6 - SQL Injection. Exploit Title: Joomla! Component VMap 1.9.6 - SQL Injection; Dork: N/A; Date: 2019-01-23; Exploit Author: Ihsan Sencan; Vendor Homepage: http://wdmtech.com/; Software Link:...
Joomla VMap 1.9.6 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: Joomla! Component VMap 1.9.6 - SQL Injection; Exploit Author: Ihsan Sencan; Vendor Homepage: http://wdmtech.com/; Software Link: https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/vmap/; Version: 1.9....
CVE-2019-6294
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI...
i-doit CMDB 1.12 - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications. Exploit Title: i-doit CMDB 1.12 - Arbitrary File Download; Exploit Author: Ihsan Sencan; Vendor Homepage: https://www.i-doit.org/; Software Link: https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip; Version: 1.12...
CVE-2019-5886
An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system reinstallation...
CVE-2019-5725
qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file...
CVE-2019-5488
EARCLINK ESPCMS-P8 has SQL injection in the installpack/index.php?ac=Member&at=verifyAccount verifykey parameter. installpack/espcmspublic/espcmsdb.php may allow retrieving sensitive information from the ESPCMS database...
CVE-2019-5311
An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter...
Design/Logic Flaw
Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280...
CVE-2018-14481
Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280...
CVE-2018-14481
OSClass 3.7.4 is affected by CVE-2018-14481: it has Cross-Site Scripting (XSS) via the query string to index.php (notably in the OSClass 3.7.4 release, separate from CVE-2014-6280). Other connected sources describe multiple XSS vulnerabilities in OSClass 3.7.4, including potential reflections and...
Design/Logic Flaw
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadminfileedit action...
Design/Logic Flaw
UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadminfileedit action...
Design/Logic Flaw
UCMS 1.4.7 has XSS via the description parameter in an index.php listeditpost action...
CVE-2018-20597
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadminfileedit action...
CVE-2018-20601
UCMS 1.4.7 has XSS via the description parameter in an index.php listeditpost action...
CVE-2018-20599
CVE-2018-20599 affects UCMS 1.4.7, where input during the index.php sadmin_fileedit action can be used to execute arbitrary PHP code, enabling remote code execution. The issue is described across multiple sources (NVD/Red Hat/NVD mirror), confirming that the vulnerability stems from the sadmin_fi...