27 matches found
CVE-2022-1670
CVE-2022-1670 describes a vulnerability in Octopus Server where the validation on generated user invitation codes (the number of users the code remains valid for) can be bypassed, allowing creation of additional user accounts beyond the intended invited count. Affected: Octopus Server’s invitatio...
Octopus Server Security Vulnerability
Octopus Server is an automated deployment platform. A security vulnerability exists in Octopus Server that stems from the fact that when Octopus Server generates a user invitation code, it can set the validity of that invitation code for a specific number of users. An attacker could use this...
CVE-2021-24239
The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaioncode GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue...
WordPress Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin Payments versions prior to 3.7.0.1,...
CVE-2015-7377
Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaioncode parameter in a pie-register page to the default URI...
SQL Injection in a Yonyou Management System
Brief description: Asking for an invitation code so I can learn. Details: http://radm.chanjet.com http://125.35.5.144:81/fixsys/Default.aspx admin' or '1'='1 Proof of vulnerability: admin' or '1'='1...
Pie Register 2.0.14-2.0.15 - SQL Injection
User input is not validated correctly when accepting an Invitation Code; as such, an SQL Injection attack is possible. This attack is triggered when the parameters ‘showdashwidget’ and ‘invitaioncode’ are provided to any page, by any user, anonymous or otherwise. PoC import requests,base64,re...