cmslittle-lfi.txt

====================================================================== CMS little index.php template Local File Inclusion Vulnerability ====================================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground...

Directory traversal

Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the page parameter...

WebBlizzard CMS 'index.php' SQL注入漏洞

BUGTRAQ ID: 30074 CNCAN ID：CNCAN-2008070701 WebBlizzard CMS是一款基于PHP的WEB应用程序。 WebBlizzard CMS不正确处理用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，可能获得敏感信息或操作数据库。 问题由于'index.php'脚本对用户提交给WEB参数缺少过滤，构建恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 WebBlizzard CMS 目前没有解决方案提供： http://www.webblizzard.de/ /usr/bin/perl |+| Vendor...

Directory traversal

Multiple directory traversal vulnerabilities in index.php in FOG Forum 0.8.1 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the 1 foglang and 2 fogskin parameters, probably related to libs/required/share.inc; and possibly the 3 fogpseudo, 4 fogposted, 5...

CVE-2008-2996

GBX 2.0 Beta (Gravity Board X) has multiple SQL injection vulnerabilities in index.php. Specifically, two parameters are exploitable: searchquery in getsearch and board_id in viewboard, and these issues occur when magic_quotes_gpc is disabled. The CVE-2008-2996 entry documents remote execution of...

CMS little (index.php template) Local File Inclusion Vulnerability

No description provided by source. ====================================================================== CMS little index.php template Local File Inclusion Vulnerability ====================================================================== ,--^----------,--------,-----,-------^--, | |||||||||...

CMS WebBlizzard (index.php page) Blind SQL Injection Exploit

Exploit for unknown platform in category web applications...

Sql injection

SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the catid parameter in a comment action...

Sql injection

SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary SQL commands via the go parameter...

CVE-2008-2962

Multiple cross-site scripting XSS vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the 1 s and 2 sort parameters to index.php, and the 3 id parameter to post.php...

Sql injection

SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter...

Session fixation

Multiple session fixation vulnerabilities in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to 1 index.php and 2 login.php in homepg/...

CVE-2008-2972

SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the catid parameter in a comment action...

CVE-2008-2983

SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-2972

CVE-2008-2972 describes a SQL injection vulnerability in the KbLance product, where the index.php comment action accepts a malicious value in the cat_id parameter, allowing an attacker to execute arbitrary SQL commands. This is documented across multiple sources (NVD entry, CVE records, and relat...

CVE-2008-2963

CVE-2008-2963 affects MyBlog via Multiple SQL injection vulnerabilities. The issues occur in the web app’s PHP files where unsafely handled user input is used in SQL queries: the view parameter to index.php, and the id parameter to member.php and post.php. Root cause is improper input handling le...

CMS little 0.0.1 - template Local File Inclusion

CMS little 0.0.1 - template Local File Inclusion ====================================================================== CMS little index.php template Local File Inclusion Vulnerability ====================================================================== ,--^----------,--------,-----,-------^--,...

CMS little (index.php template) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================================== CMS little index.php template Local File Inclusion Vulnerability ================================================================== ,--^----------,--------,-----,-------^--...

php-Agenda 2.2.4 (index.php page) Local File Inclusion Vulnerability

No description provided by source. @===========================================@ | Author = StAkeR [email protected] | @===========================================@ + @==========================================================================@ | Simple PHP Agenda = 2.2.4 Local File Inclusion...

CMS little 0.0.1 - 'template' Local File Inclusion

====================================================================== CMS little index.php template Local File Inclusion Vulnerability ====================================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground...