115 matches found
File upload vulnerability in CLTPHP backend
CLTPHP is a content management system based on ThinkPHP5 development with Layui framework in the backend. A file upload vulnerability exists in the CLTPHP backend. An attacker can exploit the vulnerability to write php files and gain server privileges...
File Upload Vulnerability in HisiPHP v2.0.10 Backend
HisiPHP is a ThinkPHP5.1 + Layui based development of a general-purpose back-end management framework , the default integration of permissions management , module management , plug-in management , hooks management , database management and other commonly used functions . HisiPHP v2.0.10 file uplo...
Guojiz Change Password Interface Has Arbitrary User Privilege Vulnerability
Guojiz is a light community system based on layui front-end framework and thinkphp. Guojiz password change interface has any user privilege vulnerability, an attacker can use this vulnerability to modify any user's data table information, so as to enhance their own or other people's privileges...
XSS vulnerability in Guojiz
Guojiz is a light community system based on layui front-end framework and thinkphp. Guojiz has an XSS vulnerability that can be exploited by an attacker to obtain an administrator cookie...
Code Execution Vulnerability in EasyAdmin v1.0.8
EasyAdmin is a free and open source community program based on the LayUI template, with a ThinkPHP5 framework for backend support. EasyAdmin code execution vulnerability , an attacker can exploit the vulnerability to obtain server privileges...
LaySNS has an xss vulnerability
LaySNS is a lightweight, ThinkPHP+Layui-based integrated website management system that integrates content management and community interaction. LaySNS has an xss vulnerability that can be exploited by attackers to inject arbitrary Web script or HTML...
File upload vulnerability in vaeThink
vaeThink is a lightweight, high speed PHP content management framework built on Layui and tp5. A file upload vulnerability exists in vaeThink, which can be exploited by attackers to gain server privileges...
Code Execution Vulnerability in HisiPHP
HisiPHP is based on ThinkPHP5 + Layui development of a set of free WEB open source framework. HisiPHP code execution vulnerability, an attacker can be exploited to execute arbitrary code...
Command Execution Vulnerability in ITKEE Backend Management System
ITKEE backend management system is an open source system using thinkphp5+layui development . ITKEE backend management system has a command execution vulnerability that can be exploited by attackers to gain control of the web server...
Code execution vulnerability in vaeThink php backend
vaeThink is a lightweight, high speed PHP content management framework built on Layui and tp5. A code execution vulnerability exists in the vaeThink php backend. The vulnerability stems from the website's failure to filter php code resulting in arbitrary php code execution, writing a one-sentence...
Arbitrary File Write Vulnerability in LaySNS v2.4
LaySNS is a lightweight, ThinkPHP+Layui-based integrated website management system that integrates content management and community interaction. LaySNS v2.4 has an arbitrary file write vulnerability that can be exploited by an attacker to write arbitrary files and gain control of the web server...
SQL Injection Vulnerability in LaySNS In***.php File
LaySNS Light Community is a comprehensive website system based on ThinkPHP5+LayUI that integrates content publishing and community exchange. A SQL injection vulnerability exists in the LaySNS In.php file. An attacker can exploit the vulnerability to obtain sensitive database information...
Stored Cross-Site Scripting Vulnerability in CLTPHP's "Membership Management in the Backend of the Website".
CLTPHP is a content management system based on ThinkPHP5 development with Layui framework in the backend. A stored cross-site scripting vulnerability exists in the "Membership Management" section of CLTPHP. An attacker can insert malicious js code into the page to obtain user cookies and other...
Arbitrary File Download Vulnerability in LaySNS
LaySNS Light Community is a comprehensive website system based on ThinkPHP5+LayUI that integrates content publishing and community exchange. LaySNS has an arbitrary file download vulnerability. Allows an attacker to exploit the vulnerability to download any file of the system...
Directory Traversal Vulnerability in CLTPHP Version 5.5.3
CLTPHP is a content management system based on ThinkPHP5 development with Layui framework in the backend. A directory traversal vulnerability exists in CLTPHP version 5.5.3, which can be exploited by attackers to obtain sensitive information...