19 matches found
EUVD-2021-26595
Malware in sbrugna...
EUVD-2019-5886
Malware in sbrugna...
CVE-2019-14746
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
KuaiFanCMS Arbitrary File Read Vulnerability
KuaiFanCMS later referred to as KF using PHP5 + MYSQL as the technical basis for the development of KF using the Smarty template engine to build a site system. KuaiFanCMS V5 has a security vulnerability, the vulnerability stems from KuaiFanCMS V5 in chakanhtml.module.php file HTML url parameter...
CVE-2021-3256
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the htmlurl parameter of the chakanhtml.module.php file...
CVE-2021-3256
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the htmlurl parameter of the chakanhtml.module.php file...
Design/Logic Flaw
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the htmlurl parameter of the chakanhtml.module.php file...
CVE-2021-3256
KuaiFanCMS V5.x has an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file. The issue stems from the html_url parameter handling in that module, allowing an attacker to read arbitrary files and potentially obtain sensitive information. Multiple sources (C...
CVE-2021-3256
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the htmlurl parameter of the chakanhtml.module.php file...
KuaiFan 参数注入漏洞
KuaiFanCMS later referred to as KF using PHP5 + MYSQL as the technical basis for the development of KF using the Smarty template engine to build a site system. KuaiFanCMS V5 has a security vulnerability, the vulnerability stems from KuaiFanCMS V5 in chakanhtml.module.php file HTML url parameter...
Directory Traversal Vulnerability in KuaiFanCMS
KuaiFanCMS is developed using PHP5+MYSQL as the technical base. kf is built using Smarty template engine. KuaiFanCMS has a directory traversal vulnerability that can be exploited by attackers to obtain sensitive information...
CVE-2019-14746
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
CVE-2019-14746
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
Design/Logic Flaw
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
CVE-2019-14746
CVE-2019-14746 affects KuaiFanCMS 5.0. The issue is an eval injection vulnerability: an attacker can place PHP code in the install.php db_name parameter and trigger it via a subsequent config.php request, enabling code execution as described. The connected documents confirm this vector and impact...
CVE-2019-14746
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
Stored Cross-Site Scripting Vulnerability in KuaiFanCMS V4.0
KuaiFanCMS V5.x hereinafter referred to as KF uses PHP5+MYSQL as the technical basis for development.KF is built with Smarty template engine. KuaiFanCMS V4.0 has a stored cross-site scripting vulnerability. An attacker can insert malicious js code into a page to obtain user cookies and other...
SQL Injection Vulnerability in KuaiFanCMS V5.0
KuaiFanCMS V5.x hereinafter referred to as KF uses PHP5+MYSQL as the technical basis for development.KF is built with Smarty template engine. KuaiFanCMS V5.0 has a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive information from the database...
Local File Containment Vulnerability in KuaiFanCMS
KuaiFanCMS V5.x is developed with PHP5+MYSQL as the technical base. kf is built with Smarty template engine. A local file include vulnerability exists in the KuaiFanCMS /upload/index.php file. Due to the parameters within the include are not filtered, can lead to .class.php suffix file include, i...